Unquoted Service Path Vulnerability in NVIDIA Products
CVE-2016-5852

7.8HIGH

Key Information:

Vendor
Nvidia
Status
Quadro, Nvs, Geforce (all Versions)
Vendor
CVE Published:
8 November 2016

Summary

The unquoted service path vulnerability in NVIDIA products, including Quadro, NVS, and GeForce, involves the GFE GameStream and NVTray Plugin. This flaw occurs when the service installation path is not properly quoted, allowing an attacker to place a malicious executable in a directory and exploit this oversight. If successfully executed, the attack could lead to the execution of untrusted code with system or user privileges, potentially compromising the integrity of the affected systems.

Affected Version(s)

Quadro, NVS, GeForce (all ) Quadro, NVS, GeForce (all versions)

References

http://nvidia.custhelp.com/app/answers/detail/a_id/4213
x_refsource_CONFIRM
https://support.lenovo.com/us/en/product_security/ps500070
x_refsource_CONFIRM
http://www.securityfocus.com/bid/93251
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.