Exposure of Resource to Wrong Sphere in Zoom Workplace Desktop App for Windows and Zoom Workplace Desktop App for Linux - CVE-2021-28133

 

Exposure of Resource to Wrong Sphere in Zoom Workplace Desktop App for Windows and Zoom Workplace Desktop App for Linux - CVE-2021-28133

Published: March 22, 2021 / Updated: May 24, 2022


Vulnerability identifier: #VU51622
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-28133
CWE-ID:
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Zoom Video Communications, Inc.
Affected software:
Zoom Workplace Desktop App for Windows
Zoom Workplace Desktop App for Linux

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists within the screen lock functionality due to the way the Zoom client for Windows and Linux handles screen sharing. When a user shares a specific application window via the Share Screen functionality, other meeting participants can briefly see contents of other application windows that were explicitly not shared.


How to mitigate CVE-2021-28133

Install update from vendor's website.

Sources