A new Zero-day has been discovered in NVIDIA’s display drivers and was disclosed by a security researcher, Peter Winter-Smith.
The security fault, according to Winter-Smith, could enable attackers to gain administrator rights on Windows machines.
Winter-Smith said, “the service is vulnerable to a stack buffer overflow that bypasses data execution prevention (DEP) and address space layout randomization (ASLR) running in the Windows operating system since Windows Vista,” writes Threatpost’s Michael Mimoso. “‘The service listens on a named pipe (\pipe\nsvr) which has a NULL DACL configured, which should mean that any logged on user or remote user in a domain context (Windows firewall/file sharing permitting) should be able to exploit this vulnerability,’ Winter-Smith wrote on Pastebin.”
“Apparently, Winter-Smith didn’t tip Nvidia off before sharing the exploit publicly,” writes The Tech Report’s Cyril Kowaliski. “That’s because, he says, ‘The risk from this particular flaw being exploited was … sufficiently low that I didn’t think it would warrant the wait.'”