M76
A security flaw was discovered by Rhino Security Labs in the GeForce Experience software by NVIDIA allowing arbitrary file writes. That can be exploited to run malicious batch files with privilege escalation.
"With an arbitrary file write, you can force an application to overwrite any file on the system as a privileged user. Often, this just means you can cause a denial of service by overwriting critical system files, but if you can control the data that is being written in some way, often you can do more with it.
This vulnerability allowed any system file to be overwritten due to insecure permissions set on log files which GFE writes data to as the SYSTEM user. Additionally, one log file contained data that could be user-controlled, allowing commands to be injected into it and then written to as a batch file leading to code execution on other users and potentially privilege escalation. I will also describe how this vulnerability could have been chained with a denial of service vulnerability to gain full privilege escalation."
NVIDIA has fixed the vulnerability in the latest March 26 release (v3.18), so if you're using that you should be safe. Otherwise, if you're a GeForce Experience user you should download the new version.