Issued: Thursday, 27 October, 2022
Last Revision: Thursday, 27 October, 2022
Vendor:
Product:
Severity Level:
A High severity Remote Code Execution vulnerability has been identified in Zoom applications.
The vulnerability is caused by improper URL parsing. An attacker could send a malicious Zoom meeting URL that may redirect the user to connect to an arbitrary network, allowing lateral movement and remote code execution by launching executables from arbitrary paths.
| CVE/Vulnerability | Description | CVSS Score | Exploitable |
|---|---|---|---|
| CVE-2022-28763 | Improper URL parsing in Zoom Clients | 8.8 | No |

Table 1: Vulnerability details
| CVE/Vulnerability | Product(s) Detail |
|---|---|
| CVE-2022-28763 | Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) prior to version 5.12.2; Zoom VDI Windows Meeting Clients prior to version 5.12.2; Zoom Rooms for Conference Room prior to version 5.12.2 |

Table 2: Vulnerable versions
Zoom recommends updating the affected versions to the latest release.
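
To act on this recommendation across a fleet, Table 2 can be turned into an inventory check. The Python script below is an added example, not part of the advisory or of Zoom's tooling; the CSV layout, host names and version strings are constructed assumptions. It compares versions numerically, because a plain string comparison would rank 5.9.6 above 5.12.2 and miss vulnerable clients.

```python
import csv
import io
import re

FIXED = (5, 12, 2)  # first fixed version per Table 2
# Product families from Table 2, lowercased for prefix matching.
AFFECTED = (
    "zoom client for meetings",
    "zoom vdi windows meeting client",
    "zoom rooms for conference room",
)

def parse_version(text):
    """Return the leading dotted version as a 3-tuple of ints, or None."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))

def assess(product, version):
    """Classify a row: 'not-affected', 'vulnerable', 'fixed' or 'unknown'."""
    if not any(product.lower().startswith(p) for p in AFFECTED):
        return "not-affected"
    v = parse_version(version)
    if v is None:
        return "unknown"  # unparseable version: needs manual review
    return "vulnerable" if v < FIXED else "fixed"

def scan(inventory_csv):
    """Return (host, product, version, status) for rows that need action."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        status = assess(row["product"], row["version"])
        if status in ("vulnerable", "unknown"):
            findings.append((row["host"], row["product"], row["version"], status))
    return findings

# Constructed sample inventory; hosts and version strings are made up.
SAMPLE = """host,product,version
ws-001,Zoom Client for Meetings,5.9.6
ws-002,Zoom Client for Meetings,5.12.2 (9281)
vdi-07,Zoom VDI Windows Meeting Clients,5.11.10.8200
room-3,Zoom Rooms for Conference Room,5.12.6
ws-004,Zoom Client for Meetings,not reported
ws-005,Example Chat App,1.0.0
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(*finding, sep="\t")
```

Rows reported as `unknown` carry a version string the parser could not read and should be checked by hand rather than treated as patched.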
