Nvidia specialists have fixed a number of serious vulnerabilities in GeForce Experience

Serious vulnerabilities in GeForce Experience
Written by Emma Davis

Nvidia has patched three serious vulnerabilities in GeForce Experience. Bugs allowed execute arbitrary code, escalate privileges, gain access to confidential information, or provoke a denial of service (DoS).

The vulnerabilities were found in all versions of GeForce Experience up to 3.20.5.70 and posed a threat to Windows systems. Fortunately, all vulnerabilities imply that attackers already have access to the system as a local user.

That is, these problems cannot be exploited remotely. However, it is still possible to abuse them, especially if hackers have already entered the system, and they need, for example, to increase their privileges.

The most dangerous of the three is CVE-2020-5977, which scored 8.2 out of 10 on the CVSS vulnerability rating scale.

The problem is related to the operation of the Helper NodeJS module and refers to the uncontrolled search path type. It can be used to escalate privileges and execute arbitrary code.write NVIDIA specialists.

The same bug allows disabling computers with a vulnerable version of GeForce Experience on board, provoking a denial of service (DoS) on the machines.

The second bug, CVE-2020-5990, was rated 7.3 on the CVSS scale and was found in the ShadowPlay component.

This vulnerability can also be used to escalate privileges, trigger denial of service, and can lead to information disclosure.said NVIDIA experts in the security bulletin.

The third and “simplest” vulnerability has the identifier CVE-2020-5978 (only 3.2 on the CVSS scale).

A flaw was found in the nvcontainer.exe service and can be used to escalate privileges and trigger a denial of service. However, to exploit this problem, the hacker-controlled account must already have LOCAL_SYSTEM privileges.said experts from NVIDIA.

Users are advised to update GeForce Experience to version 3.20.5.70 as soon as possible, as in this version all these issues have been fixed.

I must note that this is not the first vulnerability in GeForce Experience in a relatively short time. We have already mentioned that recently NVIDIA fixed a serious vulnerability in the program GeForce Experience, designed to quickly update video card drivers, optimize settings and stream gameplay.

Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply

Sending