Unquoted Service Path Vulnerability in NVIDIA Quadro, NVS, and GeForce Products
CVE-2016-3161

7.8HIGH

Key Information:

Vendor
Nvidia
Status
Quadro, NVS, GeForce (all versions)
Vendor
CVE Published:
8 November 2016

Summary

The unquoted service path vulnerability in NVIDIA's GameStream, as seen in Quadro, NVS, and GeForce products, allows for potential exploitation that could enable the execution of malicious code with system or user-level privileges. This vulnerability arises from improper handling of service installation paths, leading attackers to inject malicious payloads. Implementing security best practices can mitigate the risk associated with this vulnerability.

Affected Version(s)

Quadro, NVS, GeForce (all ) Quadro, NVS, GeForce (all versions)

References

http://nvidia.custhelp.com/app/answers/detail/a_id/4213
x_refsource_CONFIRM
https://support.lenovo.com/us/en/product_security/ps500070
x_refsource_CONFIRM
http://www.securityfocus.com/bid/93251
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.