CVE-2019-5695

NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution.
Configurations

Configuration 1 (hide)

cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

01 Jan 2022, 20:12

Type Values Removed Values Added
CVSS v2 : 4.4
v3 : 6.5
v2 : 6.9
v3 : 6.5
CWE CWE-426 CWE-427
References (MISC) https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695 - (MISC) https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695 - Exploit, Third Party Advisory

Information

Published : 2019-11-12 21:15

Updated : 2024-02-04 20:39


NVD link : CVE-2019-5695

Mitre link : CVE-2019-5695

CVE.ORG link : CVE-2019-5695


JSON object : View

Products Affected

nvidia

  • geforce_experience
  • gpu_driver

microsoft

  • windows
CWE
CWE-427

Uncontrolled Search Path Element