Security Bulletin: NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe (repackaged Node.js)

2017-04-27T00:00:00
ID NVIDIA:4459
Type nvidia
Reporter Nvidia
Modified 2017-05-15T10:41:00

Description

Vulnerability Details

The following section summarizes the vulnerability and CVSS risk assessment.

CVE-2017-6250

NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution.

CVSS Base Score: 8.8
CVSS Temporal Score: 8.2
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C

NVIDIA’s risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation. NVIDIA recommends consulting a security or IT professional to evaluate the risk of your specific configuration.