CVE-2019-5695

MEDIUM

Description

NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution.

References

https://nvidia.custhelp.com/app/answers/detail/a_id/4860

https://nvidia.custhelp.com/app/answers/detail/a_id/4907

https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695

Details

Source: MITRE

Published: 2019-11-12

Updated: 2019-11-18

Type: CWE-426

Risk Information

CVSS v2.0

Base Score: 4.4

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.4

Severity: MEDIUM

CVSS v3.0

Base Score: 6.5

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 0.6

Severity: MEDIUM