NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution.
References
Link | Resource |
---|---|
https://nvidia.custhelp.com/app/answers/detail/a_id/4860 | Patch Vendor Advisory |
https://nvidia.custhelp.com/app/answers/detail/a_id/4907 | Patch Vendor Advisory |
https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695 | Exploit Third Party Advisory |
https://nvidia.custhelp.com/app/answers/detail/a_id/4860 | Patch Vendor Advisory |
https://nvidia.custhelp.com/app/answers/detail/a_id/4907 | Patch Vendor Advisory |
https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695 | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 04:45
Type | Values Removed | Values Added |
---|---|---|
References | () https://nvidia.custhelp.com/app/answers/detail/a_id/4860 - Patch, Vendor Advisory | |
References | () https://nvidia.custhelp.com/app/answers/detail/a_id/4907 - Patch, Vendor Advisory | |
References | () https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695 - Exploit, Third Party Advisory |
Information
Published : 2019-11-12 21:15
Updated : 2024-11-21 04:45
NVD link : CVE-2019-5695
Mitre link : CVE-2019-5695
CVE.ORG link : CVE-2019-5695
JSON object : View
Products Affected
nvidia
- geforce_experience
- gpu_driver
microsoft
- windows
CWE
CWE-427
Uncontrolled Search Path Element