QwikSec

Security Database

CVE

CWE

Training

CVE-2019-5695

Published: Nov 12, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution.

Vendor	Product	Versions
NVIDIA	NVIDIA GeForce Experience	affected `prior to 3.20.1`
NVIDIA	NVIDIA Windows GPU Display Driver	affected `all versions`

References

https://nvidia.custhelp.com/app/answers/detail/a_id/4907

x_refsource_CONFIRM

https://nvidia.custhelp.com/app/answers/detail/a_id/4860

x_refsource_CONFIRM

https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.