CVE-2022-22788
First published: Wed Jun 15 2022(Updated: )
The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to join a meeting without having the Zoom Meeting Client installed. The Zoom Opener installer for Zoom Client for Meetings before version 5.10.3 and Zoom Rooms for Conference Room for Windows before version 5.10.3 are susceptible to a DLL injection attack. This vulnerability could be used to run arbitrary code on the victims host.
Credit: security@zoom.us
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zoom Meetings | <5.10.3 | |
| Zoom Rooms | <5.10.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-22788?
CVE-2022-22788 is a vulnerability in the Zoom Client for Meetings and Zoom Rooms for Windows that allows the download of the Zoom Opener installer when attempting to join a meeting without the Zoom Meeting Client installed.
How does CVE-2022-22788 impact Zoom users?
CVE-2022-22788 can allow attackers to download malicious Zoom Opener installer when users try to join meetings without having the Zoom Meeting Client installed, potentially leading to compromise of the user's system.
What versions of Zoom are affected by CVE-2022-22788?
Zoom Client for Meetings before version 5.10.3 and Zoom Rooms for Conference Room for Windows before version 5.10.3 are affected by CVE-2022-22788.
What is the severity of CVE-2022-22788?
CVE-2022-22788 has a severity value of 7.8, which is considered high.
How can I fix CVE-2022-22788?
To fix CVE-2022-22788, update your Zoom Client for Meetings and Zoom Rooms for Windows to version 5.10.3 or later.
- collector/nvd-index
- agent/weakness
- agent/tags
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/zoom
- canonical/zoom meetings
- canonical/zoom rooms