CVE-2019-5695

6.5MEDIUM

Key Information:

Vendor
Nvidia
Status
Nvidia Geforce Experience
Nvidia Windows Gpu Display Driver
Vendor
CVE Published:
12 November 2019

Summary

NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution.

Affected Version(s)

NVIDIA GeForce Experience prior to 3.20.1

NVIDIA Windows GPU Display Driver all versions

References

https://nvidia.custhelp.com/app/answers/detail/a_id/4907
x_refsource_CONFIRM
https://nvidia.custhelp.com/app/answers/detail/a_id/4860
x_refsource_CONFIRM
https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-fo...
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.