CVE-2019-5695

NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution.
Configurations

Configuration 1 (hide)

cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:45

Type Values Removed Values Added
References () https://nvidia.custhelp.com/app/answers/detail/a_id/4860 - Patch, Vendor Advisory () https://nvidia.custhelp.com/app/answers/detail/a_id/4860 - Patch, Vendor Advisory
References () https://nvidia.custhelp.com/app/answers/detail/a_id/4907 - Patch, Vendor Advisory () https://nvidia.custhelp.com/app/answers/detail/a_id/4907 - Patch, Vendor Advisory
References () https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695 - Exploit, Third Party Advisory () https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695 - Exploit, Third Party Advisory

Information

Published : 2019-11-12 21:15

Updated : 2024-11-21 04:45


NVD link : CVE-2019-5695

Mitre link : CVE-2019-5695

CVE.ORG link : CVE-2019-5695


JSON object : View

Products Affected

nvidia

  • geforce_experience
  • gpu_driver

microsoft

  • windows
CWE
CWE-427

Uncontrolled Search Path Element