← Retour aux CVEs
CVE-2019-5695
MEDIUM6.5
Description
NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution.
Details CVE
Score CVSS v3.16.5
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Vecteur d'attaqueLOCAL
ComplexiteLOW
Privileges requisHIGH
Interaction utilisateurREQUIRED
Publie11/12/2019
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0
Produits affectes
microsoft:windowsnvidia:geforce_experiencenvidia:gpu_driver
Faiblesses (CWE)
CWE-427
References
https://nvidia.custhelp.com/app/answers/detail/a_id/4860(psirt@nvidia.com)
https://nvidia.custhelp.com/app/answers/detail/a_id/4907(psirt@nvidia.com)
https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695(psirt@nvidia.com)
https://nvidia.custhelp.com/app/answers/detail/a_id/4860(af854a3a-2127-422b-91ae-364da2661108)
https://nvidia.custhelp.com/app/answers/detail/a_id/4907(af854a3a-2127-422b-91ae-364da2661108)
https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.