Vulnerability Details : CVE-2015-7866
Unquoted Windows search path vulnerability in the Smart Maximize Helper (nvSmartMaxApp.exe) in the Control Panel in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows allows local users to gain privileges via a Trojan horse application, as demonstrated by C:\Program.exe.
Products affected by CVE-2015-7866
- cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:*
- cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:*
- cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-7866
0.17%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 34 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-7866
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
References for CVE-2015-7866
-
http://nvidia.custhelp.com/app/answers/detail/a_id/3806/kw/security
Security Bulletin: CVE-2015-7866: NVIDIA Control Panel Unquoted Path | NVIDIAVendor Advisory
-
https://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04971867
HP Support for Technical Help and Troubleshooting | HP® Customer Service.Third Party Advisory
-
http://www.securitytracker.com/id/1034175
NVIDIA Driver Windows Control Panel Unquoted Search Path Lets Local Users Gain Elevated Privileges - SecurityTrackerThird Party Advisory;VDB Entry
Jump to