Vulnerability Details : CVE-2013-0109
Public exploit exists!
The NVIDIA driver before 307.78, and Release 310 before 311.00, in the NVIDIA Display Driver service on Windows does not properly handle exceptions, which allows local users to gain privileges or cause a denial of service (memory overwrite) via a crafted application.
Vulnerability category: OverflowDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2013-0109
Probability of exploitation activity in the next 30 days: 0.07%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 26 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2013-0109
-
Nvidia (nvsvc) Display Driver Service Local Privilege Escalation
Disclosure Date: 2012-12-25First seen: 2020-04-26exploit/windows/local/nvidia_nvsvcThe named pipe, \pipe\nsvr, has a NULL DACL allowing any authenticated user to interact with the service. It contains a stacked based buffer overflow as a result of a memmove operation. Note the slight spelling differences: the executable is 'nvvsvc.exe',
CVSS scores for CVE-2013-0109
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
CWE ids for CVE-2013-0109
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-0109
-
http://www.kb.cert.org/vuls/id/957036
VU#957036 - NVIDIA Windows video card drivers contain multiple vulnerabilitiesUS Government Resource
-
http://www.nvidia.com/object/product-security.html
Product SecurityPatch;Vendor Advisory
Products affected by CVE-2013-0109
- cpe:2.3:a:nvidia:display_driver:*:-:*:*:*:windows:*:*
- cpe:2.3:a:nvidia:display_driver:310.00:-:*:*:*:windows:*:*