Vulnerability Details : CVE-2013-0109
Public exploit exists!
The NVIDIA driver before 307.78, and Release 310 before 311.00, in the NVIDIA Display Driver service on Windows does not properly handle exceptions, which allows local users to gain privileges or cause a denial of service (memory overwrite) via a crafted application.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2013-0109
- cpe:2.3:a:nvidia:display_driver:*:-:*:*:*:windows:*:*
- cpe:2.3:a:nvidia:display_driver:310.00:-:*:*:*:windows:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-0109
0.38%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 73 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2013-0109
-
Nvidia (nvsvc) Display Driver Service Local Privilege Escalation
Disclosure Date: 2012-12-25First seen: 2020-04-26exploit/windows/local/nvidia_nvsvcThe named pipe, \pipe\nsvr, has a NULL DACL allowing any authenticated user to interact with the service. It contains a stacked based buffer overflow as a result of a memmove operation. Note the slight spelling differences: the executable is 'nvvsvc.exe',
CVSS scores for CVE-2013-0109
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
CWE ids for CVE-2013-0109
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-0109
-
http://www.kb.cert.org/vuls/id/957036
VU#957036 - NVIDIA Windows video card drivers contain multiple vulnerabilitiesUS Government Resource
-
http://www.nvidia.com/object/product-security.html
Product SecurityPatch;Vendor Advisory
Jump to