Published: 18/03/2021 Updated: 26/03/2021
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

Zoom up to and including 5.5.4 sometimes allows malicious users to read private information on a participant's screen, even though the participant never attempted to share the private part of their screen. When a user shares a specific application window via the Share Screen functionality, other meeting participants can briefly see contents of other application windows that were explicitly not shared. The contents of these other windows can (for instance) be seen for a short period of time when they overlay the shared window and get into focus. (An attacker can, of course, use a separate screen-recorder application, unsupported by Zoom, to save all such contents for later replays and analysis.) Depending on the unintentionally shared data, this short exposure of screen contents may be a more or less severe security issue.

Most Upvoted Vulmon Research Post

Zoom Unintended Screen Sharing Vulnerability POC:

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

zoom zoom

Mailing Lists

Zoom versions 543 (547791115) and 554 (131420301) temporarily shares other application windows not in scope for sharing ...
Advisory ID: SYSS-2020-044 Product: Zoom Manufacturer: Zoom Video Communications, Inc Affected Version(s): 543 (547791115) 554 (131420301) Tested Version(s): 543 (547791115) 554 (131420301) Vulnerability Type: Exposure of Resource to Wrong Sphere (CWE-668) Risk Level: Medium Solution Status: Open ...

Recent Articles

Zoom Screen-Sharing Glitch ‘Briefly’ Leaks Sensitive Data
Threatpost • Lindsey O'Donnell • 18 Mar 2021

A security blip in the current version of Zoom could inadvertently leak users’ data to other meeting participants on a call. However, the data is only leaked briefly, making a potential attack difficult to carry out.
The flaw (CVE-2021-28133) stems from a glitch in the screen sharing function of video conferencing platform Zoom. This function allows users to share the contents of their screen with other participants in a Zoom conferencing call. They have the option to share their entire ...