PT-2015-2747 · Nvidia · Nvidia Gpu Graphics Driver

James Forshaw

Published

2015-11-24

Updated

2019-02-13

CVE-2015-7865

CVSS v2.0

7.7

High

Vector

AV:A/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions NVIDIA GPU graphics driver versions R340 through 341.92 NVIDIA GPU graphics driver versions R352 through 354.35 NVIDIA GPU graphics driver versions R358 through 358.87

Description The issue is related to insufficient access control in the nvSCPAPISvr.exe file of the Stereoscopic 3D Driver Service component. Exploitation of this issue can allow a local attacker to elevate privileges using the command line, leveraging registry keys stored in HKEY LOCAL MACHINE.

Recommendations For versions R340 through 341.92, update to version 341.92 or later. For versions R352 through 354.35, update to version 354.35 or later. For versions R358 through 358.87, update to version 358.87 or later.

Exploit

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

BDU:2015-12112

CVE-2015-7865

Affected Products

Nvidia Gpu Graphics Driver

PT-2015-2747 · Nvidia · Nvidia Gpu Graphics Driver

CVE-2015-7865

Weakness Enumeration

Related Identifiers

Affected Products

References · 8