CVE-2019-5695

Опубликовано: 12 нояб. 2019

Источник: nvd

CVSS3: 6.5

CVSS2: 6.9

EPSS Низкий

Описание

NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution.

Ссылки

https://nvidia.custhelp.com/app/answers/detail/a_id/4860
Patch
Vendor Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/4907
Patch
Vendor Advisory
https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695
Exploit
Third Party Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/4860
Patch
Vendor Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/4907
Patch
Vendor Advisory
https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*

Версия до 3.20.1 (исключая)

Конфигурация 2

Одновременно

cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 18%

0.00059

Низкий

6.5 Medium

CVSS3

6.9 Medium

CVSS2

Дефекты

CWE-427

Связанные уязвимости

GHSA-q4h2-45g8-3929

github

больше 3 лет назад