NVIDIA Display Driver 174.x < 307.78 / 310.x < 311.00 Multiple Vulnerabilities

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

A video display service on the remote Windows host is affected by
multiple privilege escalation vulnerabilities.

Description :

The version of the NVIDIA Display Driver service on the remote Windows
host is later than 174.00 but prior to 307.78, or later than 310.00
but prior to 311.00. It is therefore affected by the following
vulnerabilities :

- An privilege escalation vulnerability exists due to not
properly handling exceptions. A local attacker, using a
crafted application, could exploit this to overwrite
memory, allowing the execution of arbitrary code or
causing a denial of service. (CVE-2013-0109)

- A privilege escalation vulnerability exists in the
Stereoscopic 3D Driver service due to an unquoted
service search path. A local attacker, using a trojan
horse program, could exploit this to execute arbitrary
code in the root path. (CVE-2013-0110)

- A privilege escalation vulnerability exists in the
Update Service Daemon due to an unquoted service search
path. A local attacker, using a trojan horse program,
could exploit this to execute arbitrary code in the root
path. (CVE-2013-0111)

See also :

http://nvidia.custhelp.com/app/answers/detail/a_id/3288

Solution :

Upgrade to NVIDIA graphics drivers version 307.78 / 311.00 or later.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.6
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 83521 ()

Bugtraq ID: 58459
58460
58461

CVE ID: CVE-2013-0109
CVE-2013-0110
CVE-2013-0111

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now