Zoom Windows Info Disclosure before 5.13.3/5.13.5/5.13.1
CVE-2023-22880 Published on March 16, 2023

Information Disclosure in Zoom for Windows Clients
Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5 and Zoom VDI for Windows clients before 5.13.1 contain an information disclosure vulnerability. A recent update to the Microsoft Edge WebView2 runtime used by the affected Zoom clients transmitted text to Microsoft's online Spellcheck service instead of the local Windows Spellcheck. Updating Zoom remediates this vulnerability by disabling the feature. Updating Microsoft Edge WebView2 Runtime to at least version 109.0.1481.0 and restarting Zoom remediates this vulnerability by updating Microsoft's telemetry behavior.

NVD

Vulnerability Analysis

CVE-2023-22880 is exploitable with network access, and requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. An exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

Weakness Type

What is an Information Disclosure Vulnerability?

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CVE-2023-22880 has been classified as an Information Disclosure vulnerability or weakness.


Products Associated with CVE-2023-22880


Affected Versions

Zoom Video Communications Inc Zoom for Windows:
Zoom Video Communications Inc Zoom Rooms for Windows:
Zoom Video Communications Inc Zoom VDI for Windows:

Exploit Probability

EPSS: 0.40%
Percentile: 60.10%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.