Privilege Escalation in nVidia products - CVE-2016-5852

 


Published: October 5, 2016 / Updated: October 6, 2016


Vulnerability identifier: #VU760
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-5852
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: nVidia
Affected software:
NVS
Quadro
NVIDIA Windows GPU Display Driver

Detailed vulnerability description

The vulnerability allows a local authenticated user to obtain elevated privileges on the target system.

The vulnerability exists due to improper input validation in the GFE GameStream and NVTray Plugin components. A local user can bypass security restrictions and obtain elevated privileges on the system.

Successful exploitation of this vulnerability allows a local attacker to obtain elevated privileges on the vulnerable system and execute arbitrary code.

How to mitigate CVE-2016-5852

NVIDIA has released software updates at the following link: GeForce, NVS, or Quadro
