CVE-2019-5701

Опубликовано: 09 нояб. 2019

Источник: nvd

CVSS3: 7.8

CVSS2: 6.2

EPSS Низкий

Описание

NVIDIA GeForce Experience, all versions prior to 3.20.0.118, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service, information disclosure, or escalation of privileges through code execution.

Ссылки

https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-011.md
Third Party Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/4860
Patch
Vendor Advisory
https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-011.md
Third Party Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/4860
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*

Версия до 3.20.0.118 (исключая)

EPSS

Процентиль: 13%

0.00043

Низкий

7.8 High

CVSS3

6.2 Medium

CVSS2

Дефекты

CWE-427

Связанные уязвимости

GHSA-9h79-7r6p-mmw3

github

больше 3 лет назад

NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service, information disclosure, or escalation of privileges through code execution.