DLL Injection Vulnerability in Zoom Client for Meetings and Zoom Rooms

DLL Injection Vulnerability in Zoom Client for Meetings and Zoom Rooms

CVE-2022-28766 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged user could exploit this vulnerability to run arbitrary code in the context of the Zoom client.

Learn more about our Cis Benchmark Audit For Zoom.