Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2021-28133

Published: 18/03/2021 Updated: 26/03/2021
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Subscribe to Zoom

Vulnerability Summary

Zoom up to and including 5.5.4 sometimes allows malicious users to read private information on a participant's screen, even though the participant never attempted to share the private part of their screen. When a user shares a specific application window via the Share Screen functionality, other meeting participants can briefly see contents of other application windows that were explicitly not shared. The contents of these other windows can (for instance) be seen for a short period of time when they overlay the shared window and get into focus. (An attacker can, of course, use a separate screen-recorder application, unsupported by Zoom, to save all such contents for later replays and analysis.) Depending on the unintentionally shared data, this short exposure of screen contents may be a more or less severe security issue.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

zoom zoom

Exploits

Exploit DB: Zoom 5.4.3 (54779.1115) / 5.5.4 (13142.0301) Information Disclosure
Zoom versions 543 (547791115) and 554 (131420301) temporarily shares other application windows not in scope for sharing ...

References

CWE-200http://packetstormsecurity.com/files/161897/Zoom-5.4.3-54779.1115-5.5.4-13142.0301-Information-Disclosure.htmlhttp://seclists.org/fulldisclosure/2021/Mar/48https://thehackernews.com/2021/03/new-zoom-screen-sharing-bug-lets-other.htmlhttps://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-044.txthttps://www.syss.de/pentest-blog/syss-2020-044-sicherheitsproblem-in-screen-sharing-funktionalitaet-von-zoom-cve-2021-28133https://www.youtube.com/watch?v=SonmmgQlLzghttps://zoom.us/trust/security/security-bulletinhttps://nvd.nist.govhttps://packetstormsecurity.com/files/161897/Zoom-5.4.3-54779.1115-5.5.4-13142.0301-Information-Disclosure.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32744privilege escalationCVE-2024-30253CVE-2024-3914cross-site scriptingCVE-2024-31497CVE-2024-3400CVE-2024-32341hardcoded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook