CVE-2022-28755

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.11.0 are susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including the potential for remote code execution through launching executables from arbitrary paths.

Published: Aug 11, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-28755
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-601

Affected Software
References

Software	From	Fixed in
zoom / zoom	-	5.11.0
zoom / virtual_desktop_infrastructure	-	5.10.7

https://explore.zoom.us/en/trust/security/security-bulletin/

Vulnerability Database

289,697

CVE-2022-28755