Guru3D.com
  • HOME
  • NEWS
    • Channels
    • Archive
  • DOWNLOADS
    • New Downloads
    • Categories
    • Archive
  • GAME REVIEWS
  • ARTICLES
    • Rig of the Month
    • Join ROTM
    • PC Buyers Guide
    • Guru3D VGA Charts
    • Editorials
    • Dated content
  • HARDWARE REVIEWS
    • Videocards
    • Processors
    • Audio
    • Motherboards
    • Memory and Flash
    • SSD Storage
    • Chassis
    • Media Players
    • Power Supply
    • Laptop and Mobile
    • Smartphone
    • Networking
    • Keyboard Mouse
    • Cooling
    • Search articles
    • Knowledgebase
    • More Categories
  • FORUMS
  • NEWSLETTER
  • CONTACT

New Reviews
Netac NV7000 2 TB NVMe SSD Review
ASUS GeForce RTX 4080 Noctua OC Edition review
MSI Clutch GM51 Wireless mouse review
ASUS ROG STRIX B760-F Gaming WIFI review
Asus ROG Harpe Ace Aim Lab Edition mouse review
SteelSeries Arctis Nova Pro Headset review
Ryzen 7800X3D preview - 7950X3D One CCD Disabled
MSI VIGOR GK71 SONIC Blue keyboard review
AMD Ryzen 9 7950X3D processor review
FSP Hydro G Pro 1000W (ATX 3.0, 1000W PSU) review

New Downloads
Intel ARC graphics Driver Download Version: 31.0.101.4148
GeForce 531.29 WHQL driver download
CrystalDiskInfo 9.0.0 Beta3 Download
AMD Ryzen Master Utility Download 2.10.2.2367
AMD Radeon Software Adrenalin 23.3.1 WHQL download
Display Driver Uninstaller Download version 18.0.6.1
CPU-Z download v2.05
AMD Chipset Drivers Download 5.02.19.2221
GeForce 531.18 WHQL driver download
ReShade download v5.7.0


New Forum Topics
NVIDIA and Partners Unveil New Hopper Based Products and Services Featuring Powerful GPU for AI Palit Unveils the JetStream Series on GeForce RTX 4080 and RTX 4070 Ti Graphics Cards Failed 8,3 Years old WD Red drive 3TB (EFRX) - what now...? NVIDIA Brings Ultra-Realism to Video Games with AI and Path Tracing Technologies NVIDIA's Breakthrough in Computational Lithography to Accelerate Next-Gen Chip Design For ASML, TSMC Raja Koduri, Chief Architect of Intel's GPU Division, Leaves Intel DPReview Camera Website, to Close Its Doors After 25 Years Negative LOD Bias and DLSS ACER adds two New Full HD 100Hz Liquid Crystal Displays at a low price Review: Netac NV7000 2 TB NVMe SSD




Guru3D.com » News » Vulnerability detected in NVIDIA display driver service

Vulnerability detected in NVIDIA display driver service

by Hilbert Hagedoorn on: 12/27/2012 08:37 AM | source: | 3 comment(s)
Vulnerability detected in NVIDIA display driver service

A hacker called Peter Winter-Smith discovered a security hole in NVIDIA's display driver service that allows local and remote users (Windows firewall/file sharing permitting) to gain administrator privileges in Windows via a stack buffer overflow.


Mr. Winter-Smith posted a description and details of the exploit, in which he describes the NVIDIA Display Device server (NVVSVC) as listening on a pipe (a means by which different processes talk to each other) "pipensvr," which has an null/empty discretionary access control list (DACL, a security whitelist for users/groups), letting ordinary logged in local and remote users (firewall permitting, and the remote admin has a local account) to gain administrator rights to the system.







« AMD FX-8300 95W TDP CPU released this week · Vulnerability detected in NVIDIA display driver service · ASUS planning $149 7-inch tablet »

Related Stories

Samsung smartphones and tablets vulnerable to kernel attack - 12/18/2012 10:18 AM
ZD Net reports a wide range of Samsung smartphones and tablets with the company's Exynos 4412 and 4210 ARM-based processors are vulnerable to an attack that enables hackers to obtain root access on a...

Steam Security Vulnerability Found when Using Certain Browsers - 10/18/2012 06:45 AM
Steam Security Vulnerability Found when Using Certain Browsers. Some browsers will execute the steam:// protocol without so much as a single prompt to the user

Wi-Fi Protected Setup PIN Brute Force Vulnerability - 12/30/2011 01:38 PM
A researcher has discovered a security hole in WPS technology that affects millions of Wi-Fi routers around the world. A few weeks ago I decided to take a look at the Wi-Fi Protected Setup (WPS) techn...

ASUS's Wireless-N Gigabit Router RT-N56U is vulnerable - 08/30/2011 02:02 PM
If you purchased one, be on alert and upgrade to the latest firmware. ASUS's Wireless-N Gigabit Router RT-N56U contains a vulnerability which may allow a remote unauthenticated attacker to recover th...

Microsoft to plug 11 vulnerabilities on Patch Tuesday - 04/10/2010 12:24 PM
Microsoft announced this month's Patch Tuesday will feature 11 security bulletins addressing 25 vulnerabilities in Windows and Office. For Windows there are five critical updates, three important upda...


Veeshush
Senior Member



Posts: 1095
Joined: 2010-11-28

#4488896 Posted on: 12/28/2012 08:01 PM
Surprised no one is really saying much about this. A few replies over at the nvidia forum: https://forums.geforce.com/default/topic/526419/geforce-drivers/security-exploit-found-nvidia-drivers/

Threat Post: http://threatpost.com/en_us/blogs/nvidia-display-driver-service-attack-escalates-privileges-windows-machines-122712

I want to say from the little bit I've read the average user wouldn't have much to worry about as long as they have a firewall up.

lucidus
Senior Member



Posts: 11835
Joined: 2011-12-31

#4488901 Posted on: 12/28/2012 08:06 PM
From what I understand only Enterprises are vulnerable provided the firewall rules are relaxed. Meh.

Noisiv
Senior Member



Posts: 8199
Joined: 2010-11-16

#4488962 Posted on: 12/28/2012 09:38 PM
How about Pro with UAC, software and hardware firewall, and Secondary Logon Service disabled :)

What pisses me off is that multi-billion $ company does not have a single person dedicated for informing the public in a fast and accurate manner.
But if I was guessing, I'd say that NVIDIA is publicly ignoring this due to a manner that the exploit has been disclosed.

Winter-Smith said he wanted to share the exploit in a timely fashion, rather than report it.

“I am definitely not averse to responsible disclosure and typically do follow a responsible disclosure process, however the risk from this particular flaw being exploited was (is) sufficiently low that I didn't think it would warrant the wait,” he said.

Post New Comment
Click here to post a comment for this news story on the message forum.


Guru3D.com © 2023