Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Zoom Plugins for Microsoft Outlook for Windows by Zoom Video Communications Inc

    CVE-2022-22782 (GCVE-0-2022-22782)

    Vulnerability from nvd – Published: 2022-04-28 15:00 – Updated: 2024-09-17 02:37
    VLAI
    Title
    Local privilege escalation in Windows Zoom Clients
    Summary
    The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6; was susceptible to a local privilege escalation issue during the installer repair operation. A malicious actor could utilize this to potentially delete system level files or folders, causing integrity or availability issues on the user’s host machine.
    CWE
    • Incorrect Privilege Assignment
    Assigner
    References
    Date Public
    2022-04-27 00:00
    Credits
    Zero Day Initiative
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:21:49.155Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Zoom Client for Meetings for Windows",
              "vendor": "Zoom Video Communications Inc",
              "versions": [
                {
                  "lessThan": "5.9.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Zoom Rooms for Conference Room for Windows",
              "vendor": "Zoom Video Communications Inc",
              "versions": [
                {
                  "lessThan": "5.10.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Zoom Plugins for Microsoft Outlook for Windows",
              "vendor": "Zoom Video Communications Inc",
              "versions": [
                {
                  "lessThan": "5.10.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Zoom VDI Windows Meeting Clients",
              "vendor": "Zoom Video Communications Inc",
              "versions": [
                {
                  "lessThan": "5.9.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Zero Day Initiative"
            }
          ],
          "datePublic": "2022-04-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6; was susceptible to a local privilege escalation issue during the installer repair operation. A malicious actor could utilize this to potentially delete system level files or folders, causing integrity or availability issues on the user\u2019s host machine."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.9,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-28T15:00:14.000Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
            }
          ],
          "source": {
            "discovery": "USER"
          },
          "title": "Local privilege escalation in Windows Zoom Clients",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "Zoom Video Communications Inc",
              "ASSIGNER": "security@zoom.us",
              "DATE_PUBLIC": "2022-04-27T12:00:00.000Z",
              "ID": "CVE-2022-22782",
              "STATE": "PUBLIC",
              "TITLE": "Local privilege escalation in Windows Zoom Clients"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Zoom Client for Meetings for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.9.7"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Zoom Rooms for Conference Room for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.10.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Zoom Plugins for Microsoft Outlook for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.10.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Zoom VDI Windows Meeting Clients",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.9.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Zoom Video Communications Inc"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Zero Day Initiative"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6; was susceptible to a local privilege escalation issue during the installer repair operation. A malicious actor could utilize this to potentially delete system level files or folders, causing integrity or availability issues on the user\u2019s host machine."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.9,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Incorrect Privilege Assignment"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://explore.zoom.us/en/trust/security/security-bulletin/",
                  "refsource": "MISC",
                  "url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
                }
              ]
            },
            "source": {
              "discovery": "USER"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2022-22782",
        "datePublished": "2022-04-28T15:00:14.188Z",
        "dateReserved": "2022-01-07T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:37:08.661Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22782 (GCVE-0-2022-22782)

    Vulnerability from cvelistv5 – Published: 2022-04-28 15:00 – Updated: 2024-09-17 02:37
    VLAI
    Title
    Local privilege escalation in Windows Zoom Clients
    Summary
    The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6; was susceptible to a local privilege escalation issue during the installer repair operation. A malicious actor could utilize this to potentially delete system level files or folders, causing integrity or availability issues on the user’s host machine.
    CWE
    • Incorrect Privilege Assignment
    Assigner
    References
    Date Public
    2022-04-27 00:00
    Credits
    Zero Day Initiative
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:21:49.155Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Zoom Client for Meetings for Windows",
              "vendor": "Zoom Video Communications Inc",
              "versions": [
                {
                  "lessThan": "5.9.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Zoom Rooms for Conference Room for Windows",
              "vendor": "Zoom Video Communications Inc",
              "versions": [
                {
                  "lessThan": "5.10.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Zoom Plugins for Microsoft Outlook for Windows",
              "vendor": "Zoom Video Communications Inc",
              "versions": [
                {
                  "lessThan": "5.10.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Zoom VDI Windows Meeting Clients",
              "vendor": "Zoom Video Communications Inc",
              "versions": [
                {
                  "lessThan": "5.9.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Zero Day Initiative"
            }
          ],
          "datePublic": "2022-04-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6; was susceptible to a local privilege escalation issue during the installer repair operation. A malicious actor could utilize this to potentially delete system level files or folders, causing integrity or availability issues on the user\u2019s host machine."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.9,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-28T15:00:14.000Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
            }
          ],
          "source": {
            "discovery": "USER"
          },
          "title": "Local privilege escalation in Windows Zoom Clients",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "Zoom Video Communications Inc",
              "ASSIGNER": "security@zoom.us",
              "DATE_PUBLIC": "2022-04-27T12:00:00.000Z",
              "ID": "CVE-2022-22782",
              "STATE": "PUBLIC",
              "TITLE": "Local privilege escalation in Windows Zoom Clients"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Zoom Client for Meetings for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.9.7"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Zoom Rooms for Conference Room for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.10.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Zoom Plugins for Microsoft Outlook for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.10.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Zoom VDI Windows Meeting Clients",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.9.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Zoom Video Communications Inc"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Zero Day Initiative"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6; was susceptible to a local privilege escalation issue during the installer repair operation. A malicious actor could utilize this to potentially delete system level files or folders, causing integrity or availability issues on the user\u2019s host machine."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.9,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Incorrect Privilege Assignment"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://explore.zoom.us/en/trust/security/security-bulletin/",
                  "refsource": "MISC",
                  "url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
                }
              ]
            },
            "source": {
              "discovery": "USER"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2022-22782",
        "datePublished": "2022-04-28T15:00:14.188Z",
        "dateReserved": "2022-01-07T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:37:08.661Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }