Detections
Analytics

NVIDIA Display Driver 174.x < 307.78 / 310.x < 311.00 Multiple Vulnerabilities

high Nessus Plugin ID 83521

Language:

Synopsis

A video display service on the remote Windows host is affected by multiple privilege escalation vulnerabilities.

Description

The version of the NVIDIA Display Driver service on the remote Windows host is later than 174.00 but prior to 307.78, or later than 310.00 but prior to 311.00. It is therefore affected by the following vulnerabilities :

 - An privilege escalation vulnerability exists due to not properly handling exceptions. A local attacker, using a crafted application, could exploit this to overwrite memory, allowing the execution of arbitrary code or causing a denial of service. (CVE-2013-0109)

 - A privilege escalation vulnerability exists in the Stereoscopic 3D Driver service due to an unquoted service search path. A local attacker, using a trojan horse program, could exploit this to execute arbitrary code in the root path. (CVE-2013-0110)

 - A privilege escalation vulnerability exists in the Update Service Daemon due to an unquoted service search path. A local attacker, using a trojan horse program, could exploit this to execute arbitrary code in the root path. (CVE-2013-0111)

Solution

Upgrade to NVIDIA graphics drivers version 307.78 / 311.00 or later.

See Also

https://nvidia.custhelp.com/app/answers/detail/a_id/3288

Plugin Details

Severity: High

ID: 83521

File Name: nvidia_cve_2013_0109.nasl

Version: 1.6

Type: local

Agent: windows

Family: Windows

Published: 5/18/2015

Updated: 4/5/2023

Configuration: Enable paranoid mode

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2013-0109

Vulnerability Information

CPE: cpe:/a:nvidia:display_driver

Required KB Items: Settings/ParanoidReport, WMI/DisplayDrivers/NVIDIA

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/15/2013

Vulnerability Publication Date: 2/15/2013

Exploitable With

Metasploit (Nvidia (nvsvc) Display Driver Service Local Privilege Escalation)

Reference Information

CVE: CVE-2013-0109, CVE-2013-0110, CVE-2013-0111

BID: 58459, 58460, 58461

CERT: 957036