ID CVE-2015-7865
Summary nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows does not properly restrict access to the stereosvrpipe named pipe, which allows local users to gain privileges via a commandline in a number 2 command, which is stored in the HKEY_LOCAL_MACHINE explorer Run registry key, a different vulnerability than CVE-2011-4784.
Vulnerable Configurations
  • NVIDIA GPU Driver 340.52
  • nVidia GPU Driver 340.65
  • nVidia GPU Driver 352.0
  • Microsoft Windows
Base: 7.7 (as of 19-08-2016 - 16:07)
  • Embedding Scripts within Scripts
    An attack of this type exploits a programs' vulnerabilities that are brought on by allowing remote hosts to execute scripts. The attacker leverages this capability to execute scripts to execute his/her own script by embedding it within other scripts that the target software is likely to execute. The attacker must have the ability to inject script into script that is likely to be executed. If this is done, then the attacker can potentially launch a variety of probes and attacks against the web server's local environment, in many cases the so-called DMZ, back end resources the web server can communicate with, and other hosts. With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host. Of course, these attacks are not solely limited to the server side, client side scripts like Ajax and client side JavaScript can contain malicious scripts as well. In general all that is required is for there to be sufficient privileges to execute a script, but not protected against writing.
  • Signature Spoofing by Key Theft
    An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
exploit-db via4
description NVIDIA Stereoscopic 3D Driver Service - Arbitrary Run Key Creation. CVE-2015-7865. Local exploit for windows platform
file exploits/windows/local/38792.txt
id EDB-ID:38792
last seen 2016-02-04
modified 2015-11-23
platform windows
published 2015-11-23
reporter Google Security Research
title NVIDIA Stereoscopic 3D Driver Service - Arbitrary Run Key Creation
type local
nessus via4
NASL family Windows
description The version of the NVIDIA graphics driver installed on the remote Windows host is 340.x prior to 341.92, 352.x prior to 354.35, or 358.x prior to 358.87. It is, therefore, affected by multiple vulnerabilities : - A privilege escalation vulnerability exists in the Stereoscopic 3D Driver Service due to improper restriction of access to the 'stereosvrpipe' named pipe. An adjacent attacker can exploit this to execute arbitrary command line arguments, resulting in an escalation of privileges. (CVE-2015-7865) - A privilege escalation vulnerability exists due to an unquoted Windows search path issue in the Smart Maximize Helper (nvSmartMaxApp.exe). A local attacker can exploit this to escalate privileges. (CVE-2015-7866) - Multiple privilege escalation vulnerabilities exist in the NVAPI support layer due to multiple unspecified integer overflow conditions in the underlying kernel mode driver. A local attacker can exploit these issues to gain access to uninitialized or out-of-bounds memory, resulting in an escalation of privileges. (CVE-2015-7869, CVE-2015-8328)
last seen 2019-02-21
modified 2018-07-16
plugin id 87412
published 2015-12-16
reporter Tenable
title NVIDIA Graphics Driver 340.x < 341.92 / 352.x < 354.35 / 358.x < 358.87 Multiple Vulnerabilities
refmap via4
exploit-db 38792
hp HPSBHF03545
sectrack 1034173
Last major update 07-12-2016 - 13:25
Published 24-11-2015 - 15:59
Last modified 13-02-2019 - 16:10
Back to Top