{"containers": {"cna": {"affected": [{"product": "Zoom Client for Meetings", "vendor": "Zoom Video Communications Inc", "versions": [{"lessThan": "5.10.3", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "All Zoom Rooms for Conference Room for Windows", "vendor": "Zoom Video Communications Inc", "versions": [{"lessThan": "5.10.3", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Reported by James Tsz Ko Yeung"}], "datePublic": "2022-06-14T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to join a meeting without having the Zoom Meeting Client installed. The Zoom Opener installer for Zoom Client for Meetings before version 5.10.3 and Zoom Rooms for Conference Room for Windows before version 5.10.3 are susceptible to a DLL injection attack. This vulnerability could be used to run arbitrary code on the victims host."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Uncontrolled Search Path Element", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-06-15T20:12:24.000Z", "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "shortName": "Zoom"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://explore.zoom.us/en/trust/security/security-bulletin/"}], "source": {"discovery": "USER"}, "title": "DLL injection in Zoom Opener installer for Zoom and Zoom Rooms clients", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@zoom.us", "DATE_PUBLIC": "2022-06-14T12:00:00.000Z", "ID": "CVE-2022-22788", "STATE": "PUBLIC", "TITLE": "DLL injection in Zoom Opener installer for Zoom and Zoom Rooms clients"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Zoom Client for Meetings", "version": {"version_data": [{"version_affected": "<", "version_value": "5.10.3"}]}}, {"product_name": "All Zoom Rooms for Conference Room for Windows", "version": {"version_data": [{"version_affected": "<", "version_value": "5.10.3"}]}}]}, "vendor_name": "Zoom Video Communications Inc"}]}}, "credit": [{"lang": "eng", "value": "Reported by James Tsz Ko Yeung"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to join a meeting without having the Zoom Meeting Client installed. The Zoom Opener installer for Zoom Client for Meetings before version 5.10.3 and Zoom Rooms for Conference Room for Windows before version 5.10.3 are susceptible to a DLL injection attack. This vulnerability could be used to run arbitrary code on the victims host."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Uncontrolled Search Path Element"}]}]}, "references": {"reference_data": [{"name": "https://explore.zoom.us/en/trust/security/security-bulletin/", "refsource": "MISC", "url": "https://explore.zoom.us/en/trust/security/security-bulletin/"}]}, "source": {"discovery": "USER"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:21:49.153Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://explore.zoom.us/en/trust/security/security-bulletin/"}]}]}, "cveMetadata": {"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "assignerShortName": "Zoom", "cveId": "CVE-2022-22788", "datePublished": "2022-06-15T20:12:24.369Z", "dateReserved": "2022-01-07T00:00:00.000Z", "dateUpdated": "2024-09-16T20:17:33.912Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:windows:*:*", "matchCriteriaId": "9A9C49F0-3217-457C-A0B1-7F5C8E8CEC75", "versionEndExcluding": "5.10.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*", "matchCriteriaId": "D23D8639-6B13-4EA7-AA8B-08F359466343", "versionEndExcluding": "5.10.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to join a meeting without having the Zoom Meeting Client installed. The Zoom Opener installer for Zoom Client for Meetings before version 5.10.3 and Zoom Rooms for Conference Room for Windows before version 5.10.3 are susceptible to a DLL injection attack. This vulnerability could be used to run arbitrary code on the victims host."}, {"lang": "es", "value": "El instalador de Zoom Opener es descargado por un usuario desde la p\u00e1gina de inicio de reuniones, cuando intenta unirse a una reuni\u00f3n sin tener instalado el cliente de reuniones de Zoom. El instalador de Zoom Opener para Zoom Client for Meetings versiones anteriores a 5.10.3 y Zoom Rooms for Conference Room para Windows versiones anteriores a 5.10.3, son susceptibles de un ataque de inyecci\u00f3n de DLL. Esta vulnerabilidad podr\u00eda usarse para ejecutar c\u00f3digo arbitrario en el host de la v\u00edctima"}], "id": "CVE-2022-22788", "lastModified": "2024-11-21T06:47:27.173", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security@zoom.us", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-15T21:15:09.243", "references": [{"source": "security@zoom.us", "tags": ["Vendor Advisory"], "url": "https://explore.zoom.us/en/trust/security/security-bulletin/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://explore.zoom.us/en/trust/security/security-bulletin/"}], "sourceIdentifier": "security@zoom.us", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}