CVE-2022-28766 LOW

CVE-2022-28766: DLL injection in Zoom Windows Clients

Vendor Zoom Video Communications Inc
Product Zoom Client for Meetings for Windows (32-bit)
Weakness CWE-94 · Code injection
Published November 17, 2022
Last update April 29, 2025

CVSS base score

3.3/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged user could exploit this vulnerability to run arbitrary code in the context of the Zoom client.

Key dates

02Disclosure timeline

November 17, 2022 CVE published
April 29, 2025 Record updated