ID CVE-2015-7866
Summary Unquoted Windows search path vulnerability in the Smart Maximize Helper (nvSmartMaxApp.exe) in the Control Panel in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows allows local users to gain privileges via a Trojan horse application, as demonstrated by C:\Program.exe. <a href="http://cwe.mitre.org/data/definitions/428.html" rel="nofollow">CWE-428: Unquoted Search Path or Element</a>
References
Vulnerable Configurations
  • cpe:2.3:a:nvidia:gpu_driver:340:*:*:*:*:*:*:*
    cpe:2.3:a:nvidia:gpu_driver:340:*:*:*:*:*:*:*
  • cpe:2.3:a:nvidia:gpu_driver:340.52:*:*:*:*:*:*:*
    cpe:2.3:a:nvidia:gpu_driver:340.52:*:*:*:*:*:*:*
  • cpe:2.3:a:nvidia:gpu_driver:340.65:*:*:*:*:*:*:*
    cpe:2.3:a:nvidia:gpu_driver:340.65:*:*:*:*:*:*:*
  • cpe:2.3:a:nvidia:gpu_driver:340.76:*:*:*:*:*:*:*
    cpe:2.3:a:nvidia:gpu_driver:340.76:*:*:*:*:*:*:*
  • cpe:2.3:a:nvidia:gpu_driver:340.96:*:*:*:*:*:*:*
    cpe:2.3:a:nvidia:gpu_driver:340.96:*:*:*:*:*:*:*
  • cpe:2.3:a:nvidia:gpu_driver:352:*:*:*:*:*:*:*
    cpe:2.3:a:nvidia:gpu_driver:352:*:*:*:*:*:*:*
  • cpe:2.3:a:nvidia:gpu_driver:352.0:*:*:*:*:*:*:*
    cpe:2.3:a:nvidia:gpu_driver:352.0:*:*:*:*:*:*:*
  • cpe:2.3:a:nvidia:gpu_driver:352.09:*:*:*:*:*:*:*
    cpe:2.3:a:nvidia:gpu_driver:352.09:*:*:*:*:*:*:*
  • cpe:2.3:a:nvidia:gpu_driver:352.63:*:*:*:*:*:*:*
    cpe:2.3:a:nvidia:gpu_driver:352.63:*:*:*:*:*:*:*
  • cpe:2.3:a:nvidia:gpu_driver:358:*:*:*:*:*:*:*
    cpe:2.3:a:nvidia:gpu_driver:358:*:*:*:*:*:*:*
  • cpe:2.3:a:nvidia:gpu_driver:358.16:*:*:*:*:*:*:*
    cpe:2.3:a:nvidia:gpu_driver:358.16:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 13-02-2019 - 21:23)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
assigner via4 cve@mitre.org
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
refmap via4
confirm http://nvidia.custhelp.com/app/answers/detail/a_id/3806/kw/security
hp HPSBHF03545
sectrack 1034175
vulnerable_product via4
  • cpe:2.3:a:nvidia:gpu_driver:340:*:*:*:*:*:*:*
  • cpe:2.3:a:nvidia:gpu_driver:340.52:*:*:*:*:*:*:*
  • cpe:2.3:a:nvidia:gpu_driver:340.65:*:*:*:*:*:*:*
  • cpe:2.3:a:nvidia:gpu_driver:340.76:*:*:*:*:*:*:*
  • cpe:2.3:a:nvidia:gpu_driver:340.96:*:*:*:*:*:*:*
  • cpe:2.3:a:nvidia:gpu_driver:352:*:*:*:*:*:*:*
  • cpe:2.3:a:nvidia:gpu_driver:352.0:*:*:*:*:*:*:*
  • cpe:2.3:a:nvidia:gpu_driver:352.09:*:*:*:*:*:*:*
  • cpe:2.3:a:nvidia:gpu_driver:352.63:*:*:*:*:*:*:*
  • cpe:2.3:a:nvidia:gpu_driver:358:*:*:*:*:*:*:*
  • cpe:2.3:a:nvidia:gpu_driver:358.16:*:*:*:*:*:*:*
Last major update 13-02-2019 - 21:23
Published 24-11-2015 - 20:59
Back to Top