Serious Vulnerability Found in GeForce Experience


NVIDIA has fixed a serious bug in GeForce Experience, its program for quickly updating video card drivers, optimizing settings and streaming gameplay. The vulnerability allows an attacker to escalate their privileges on Windows or cause the computer to malfunction.

According to the vendor's bulletin, the problem occurs when the GameStream feature, which streams games to TV set-top boxes, tablets and PCs, is enabled. In that case, an attacker with local access to the computer can corrupt one of the system files and cause a denial-of-service condition or gain permissions beyond those granted to them.

Bug in GeForce Experience can be exploited without user interaction

The vulnerability is tracked as CVE-2019-5702, and the vendor rates it 8.4 on the CVSS scale. The high rating reflects the fact that exploitation requires neither interaction with the system's user nor special knowledge or skills. Information security specialists note that additional malware would allow the attack to be carried out remotely.

The flaw is present in all previous versions of GeForce Experience; the patch is included in release 3.20.2, which can be downloaded from the geforce.com downloads page or retrieved automatically when you open the client. NVIDIA representatives recommend that all users of the program upgrade to the safer build. The vendor thanked the Japanese researcher RyotaK, who discovered the vulnerability and reported it to the manufacturer.

In November of this year, NVIDIA had already patched bugs in GeForce Experience. One of those flaws, like CVE-2019-5702, was related to the GameStream service. That bug, rated 7.8 on the CVSS scale, allowed privilege escalation by running third-party code. An attack could result in a leak of confidential information as well as a system failure. The problem arose because it was possible to load a third-party DLL that was not signed by a legitimate developer.



Source: https://threatpost.ru/nvidia-geforce-experience-update-patches-dos-eop-vuln/35124/
