CVE-2022-28766: CWE-94: Improper Control of Generation of Code ('Code Injection') in Zoom Video Communications Inc Zoom Client for Meetings for Windows (32-bit)
Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged user could exploit this vulnerability to run arbitrary code in the context of the Zoom client.
AI Analysis
Technical Summary
CVE-2022-28766 is a vulnerability in the 32-bit Windows versions of Zoom Client for Meetings and Zoom Rooms for Conference Room prior to version 5.12.6. The flaw is categorized under CWE-94, improper control of code generation, commonly referred to as code injection. Here it takes the form of a DLL injection weakness that allows a local user with low privileges to inject a malicious DLL into the Zoom client process and thereby execute arbitrary code in the context of the Zoom application. The attack requires no user interaction and has low attack complexity, but it does require local access with limited privileges. The vulnerability impacts confidentiality by potentially allowing unauthorized code execution; it does not directly affect integrity or availability. The CVSS 3.1 base score is 3.3, a low severity that reflects the local-access requirement and the limited scope of impact. No exploits in the wild have been reported, and the source data provided no patch links, though Zoom has released versions 5.12.6 and later which presumably address this issue. The vulnerability is specific to 32-bit Windows Zoom clients, which are less common than 64-bit builds but still present in some enterprise environments. The attack vector is local, so remote exploitation is not feasible without prior system access.
Potential Impact
For European organizations, the impact of CVE-2022-28766 is relatively limited but should not be dismissed. Since the vulnerability requires local access, it primarily poses a risk from insider threats or scenarios where an attacker has already compromised a low-privileged user account on a Windows 32-bit system running Zoom. Successful exploitation could allow an attacker to run arbitrary code within the Zoom client context, potentially leading to further lateral movement or data exposure within the affected system. Given Zoom's widespread use in European corporate, educational, and governmental sectors, especially for remote collaboration, any compromise of the Zoom client could undermine trust in communications and potentially expose sensitive meeting data or credentials stored or cached by the application. However, the low severity and absence of known remote exploitation reduce the immediate risk. The vulnerability is less likely to impact organizations that have migrated to 64-bit Zoom clients or other conferencing solutions. Nonetheless, organizations with legacy systems or mixed environments should consider this vulnerability in their risk assessments, particularly where local user access controls are weak or endpoint security is insufficient.
Mitigation Recommendations
1. Upgrade all Zoom Client for Meetings and Zoom Rooms installations on Windows 32-bit systems to version 5.12.6 or later to ensure the vulnerability is patched.
2. Where possible, transition from 32-bit to 64-bit Zoom clients and Windows operating systems to reduce exposure to this and similar legacy vulnerabilities.
3. Enforce strict local user privilege management and limit the number of users with local access to systems running Zoom clients.
4. Implement application whitelisting and endpoint detection and response (EDR) solutions to monitor and block unauthorized DLL injections or suspicious process behaviors related to Zoom.
5. Conduct regular audits of installed software versions and system architectures across the organization to identify and remediate outdated or vulnerable clients.
6. Educate users about the risks of local privilege escalation and encourage reporting of unusual system behavior.
7. Use endpoint isolation techniques and network segmentation to contain potential compromises originating from local user accounts.
8. Monitor Zoom client logs and system event logs for anomalies that could indicate exploitation attempts.
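An added audit script for recommendations 1 and 5 (example code, not from the advisory or from Zoom): it checks the usual Zoom.exe locations on a Windows host, reads each binary's PE header to tell a 32-bit build from a 64-bit one, and flags 32-bit builds below 5.12.6. The candidate paths are assumptions about where Zoom's per-machine and per-user installers place Zoom.exe; adjust them for your environment.

```powershell
# Added example (not from the advisory or from Zoom): inventory Zoom.exe binaries,
# decide 32- vs 64-bit from the PE header, flag 32-bit builds below 5.12.6.
# Assumption: these are the common install paths; adjust for your environment.
$FixedVersion   = [version]'5.12.6'
$CandidatePaths = @(
    "$env:ProgramFiles\Zoom\bin\Zoom.exe",
    "${env:ProgramFiles(x86)}\Zoom\bin\Zoom.exe",
    "$env:APPDATA\Zoom\bin\Zoom.exe"
)

function Get-PEArchitecture {
    # Read the DOS header (e_lfanew at 0x3C), then the COFF Machine field after "PE\0\0".
    param([string]$Path)
    $fs = [System.IO.File]::OpenRead($Path)
    try {
        $buf = New-Object byte[] 4096
        $n   = $fs.Read($buf, 0, $buf.Length)
        if ($n -lt 0x40 -or $buf[0] -ne 0x4D -or $buf[1] -ne 0x5A) { return 'not-PE' }
        $peOffset = [BitConverter]::ToInt32($buf, 0x3C)
        if ($peOffset -lt 0 -or $peOffset + 6 -gt $n) { return 'unknown' }
        switch ([BitConverter]::ToUInt16($buf, $peOffset + 4)) {
            0x014C  { return '32-bit' }   # IMAGE_FILE_MACHINE_I386
            0x8664  { return '64-bit' }   # IMAGE_FILE_MACHINE_AMD64
            default { return 'other' }
        }
    } finally { $fs.Dispose() }
}

function Get-ZoomExposure {
    foreach ($path in $CandidatePaths) {
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $info = (Get-Item -LiteralPath $path).VersionInfo
        $ver  = $null
        # FileVersion may carry a build suffix; keep only the dotted numeric prefix
        $parsed = [version]::TryParse(($info.FileVersion -replace '[^\d.].*$', ''), [ref]$ver)
        $arch   = Get-PEArchitecture -Path $path
        [pscustomobject]@{
            Path        = $path
            FileVersion = $info.FileVersion
            Arch        = $arch
            # Only 32-bit builds below 5.12.6 are in scope for CVE-2022-28766
            Affected    = ($arch -eq '32-bit') -and $parsed -and ($ver -lt $FixedVersion)
        }
    }
}

Get-ZoomExposure | Format-Table -AutoSize
```

Run it under each user profile as well as per machine, since the per-user install path depends on the logged-on user's %APPDATA%.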
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: Zoom
- Date Reserved: 2022-04-06T00:00:00.000Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d983cc4522896dcbee86d
Added to database: 5/21/2025, 9:09:16 AM
Last enriched: 6/25/2025, 2:49:33 AM
Last updated: 8/18/2025, 7:08:48 PM