vulnerability

Zoom Zoom: CVE-2022-28766: DLL injection in Zoom Windows Clients

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:L/AC:M/Au:S/C:C/I:C/A:P)	Nov 15, 2022	Nov 14, 2023	Feb 9, 2026

Severity

CVSS

(AV:L/AC:M/Au:S/C:C/I:C/A:P)

Published

Nov 15, 2022

Added

Nov 14, 2023

Modified

Feb 9, 2026

Description

Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged user could exploit this vulnerability to run arbitrary code in the context of the Zoom client.Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates fromhttps://zoom.us/download.

Solution

zoom-zoom-upgrade-latest

References

CVE-2022-28766
https://attackerkb.com/topics/CVE-2022-28766
URL-https://www.zoom.com/en/trust/security-bulletin/ZSB-22027
CWE-94
CWE-427

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today