NVIDIA Graphics Driver 340.x < 341.96 / 352.x < 354.99 / 361.x < 362.77 / 367.x < 368.39 Multiple Vulnerabilities

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host is affected by multiple vulnerabilities.

Description :

The version of the NVIDIA graphics driver installed on the remote
Windows host is 340.x prior to 341.96, 352.x prior to 354.99, 361.x
prior to 362.77, or 367.x prior to 368.39. It is, therefore, affected
by multiple vulnerabilities :

- A privilege escalation vulnerability exists in GFE
GameStream due to an unquoted search path. A local
attacker can exploit this, via a malicious executable in
the root path, to elevate privileges. (CVE-2016-3161)

- A denial of service vulnerability exists due to a NULL
pointer dereference flaw. An unauthenticated, remote
attacker can exploit this to cause a crash.
(CVE-2016-4959)

- A privilege escalation vulnerability exists in the
NVStreamKMS.sys driver due to improper sanitization of
user-supplied data passed via API entry points. A local
attacker can exploit this to gain elevated privileges.
(CVE-2016-4960)

- A denial of service vulnerability exists in the
NVStreamKMS.sys driver due to improper handling of
parameters. An unauthenticated, remote attacker can
exploit this to cause a crash. (CVE-2016-4961)

- A denial of service vulnerability exists in the NVAPI
support layer due to improper sanitization of
parameters. An unauthenticated, remote attacker can
exploit this to cause a crash. (CVE-2016-5025)

- A privilege escalation vulnerability exists in the
NVTray plugin due to an unquoted search path. A local
attacker can exploit this, via a malicious executable in
the root path, to elevate privileges. (CVE-2016-5852)

Note that CVE-2016-3161, CVE-2016-4960, CVE-2016-4961, and
CVE-2016-5852 only affect systems which also have GeForce Experience
software installed.

See also :

https://nvidia.custhelp.com/app/answers/detail/a_id/4213

Solution :

Upgrade the NVIDIA graphics driver to version 341.96 / 354.99 / 362.77
/ 368.39 or later. Alternatively, for CVE-2016-4959, apply the
mitigation referenced in the vendor advisory.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.4
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 93912

Bugtraq ID:

CVE ID: CVE-2016-3161
CVE-2016-4959
CVE-2016-4960
CVE-2016-4961
CVE-2016-5025
CVE-2016-5852
