← Volver a CVEs
CVE-2019-5695
MEDIUM6.5
Descripcion
NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution.
Detalles CVE
Puntuacion CVSS v3.16.5
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Vector de ataqueLOCAL
ComplejidadLOW
Privilegios requeridosHIGH
Interaccion usuarioREQUIRED
Publicado11/12/2019
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
microsoft:windowsnvidia:geforce_experiencenvidia:gpu_driver
Debilidades (CWE)
CWE-427
Referencias
https://nvidia.custhelp.com/app/answers/detail/a_id/4860(psirt@nvidia.com)
https://nvidia.custhelp.com/app/answers/detail/a_id/4907(psirt@nvidia.com)
https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695(psirt@nvidia.com)
https://nvidia.custhelp.com/app/answers/detail/a_id/4860(af854a3a-2127-422b-91ae-364da2661108)
https://nvidia.custhelp.com/app/answers/detail/a_id/4907(af854a3a-2127-422b-91ae-364da2661108)
https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.