Lucene search

K

[email protected]NVD:CVE-2015-7865

HistoryNov 24, 2015 - 8:59 p.m.

CVE-2015-7865

2015-11-2420:59:11

CWE-284

[email protected]

web.nvd.nist.gov

7.7 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:S/C:C/I:C/A:C

6.1 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

37.3%

nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows does not properly restrict access to the stereosvrpipe named pipe, which allows local users to gain privileges via a commandline in a number 2 command, which is stored in the HKEY_LOCAL_MACHINE explorer Run registry key, a different vulnerability than CVE-2011-4784.

Affected configurations

NVD

Node

nvidiagpu_driverRange340–341.92

OR

nvidiagpu_driverRange352–354.35

OR

nvidiagpu_driverRange358–358.87

AND

microsoftwindows

References

nvidia.custhelp.com/app/answers/detail/a_id/3807/kw/security

packetstormsecurity.com/files/134520/NVIDIA-Stereoscopic-3D-Driver-Service-Arbitrary-Run-Key-Creation.html

www.securitytracker.com/id/1034173

code.google.com/p/google-security-research/issues/detail?id=515

h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04971867

www.exploit-db.com/exploits/38792/

7.7 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:S/C:C/I:C/A:C

6.1 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

37.3%

Related for NVD:CVE-2015-7865

prion2 ubuntucve1 cvelist2 cve2 nvd1 msvr1 nessus1 lenovo1