CVE-2022-22788
HIGH
Zoom Meetings < 5.10.3 - Uncontrolled Search Path
Title source: ruleDescription
The Zoom Opener installer is downloaded by a user from the Launch meeting page when attempting to join a meeting without having the Zoom Meeting Client installed. The Zoom Opener installer for Zoom Client for Meetings before version 5.10.3 and Zoom Rooms for Conference Room for Windows before version 5.10.3 is susceptible to a DLL injection attack. This vulnerability could be used to run arbitrary code on the victim's host.
Scores
CVSS v3
7.1
EPSS
0.0061
EPSS Percentile
69.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Classification
CWE
CWE-427
Status
published
Affected Products (2)
zoom/meetings
< 5.10.3
zoom/rooms
< 5.10.3
Timeline
Published
Jun 15, 2022
Tracked Since
Feb 18, 2026