NVIDIA GeForce Experience Remote Code Execution Vulnerability

Summary

NVIDIA GeForce Experience versions prior to 3.19 contains a vulnerability in the Web Helper component, in which an attacker with local system access can craft input that may not be properly validated. Such an attack may lead to code execution, denial of service or information disclosure.

Credit:

The information has been provided by  David Yesland
The original article can be found at: https://nvidia.custhelp.com/app/answers/detail/a_id/4806


Details

NVIDIA GeForce Experience is prone to a remote code-execution vulnerability.This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition. 

Vulnerable Systems:

  • NVIDIA GeForce Experience

CVE Information:

CVE-2019-5678

Disclosure Timeline:
Publish Date:05/31/2019