Untrusted search path in Intel Graphics Driver allows unprivileged user to elevate privileges via local access

Summary:

Untrusted Path which can potentially lead to an elevation of privilege. Reference CVE-2017-5696.

Description:

Older versions (1) of the some Intel® Graphics Drivers for Windows* (2) Code Branches contain a potentially untrusted search path which may allow a local attacker to execute code with elevated privilege.

Medium 6.3 CVSS:3:0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H

(1) Intel graphics driver version contain 3 or 4 numbers separated by a period. The first two numbers indicate the relevant code branch. The last number indicates if that driver is impacted by this vulnerability.

(2) Third party marks and brands are the property of their respective owners.

Affected products:

Mobile, Desktop, Server, Workstation, and Embedded platforms based on Intel® Core™ and Atom™ Processors using an identified driver.
The following table lists impacted driver code branches and the first version containing the recommended mitigation. Driver versions having the last number greater than, or equal to, the listed version are not impacted. Driver versions with the last number less than the listed version are impacted. Driver code branches not listed are not currently impacted.