Friday, May 3, 2019
Home / Security / Exploits / NVIDIA Display Driver Zero-Day Revealed by Researcher

NVIDIA Display Driver Zero-Day Revealed by Researcher

A new Zero-day has been discovered in NVIDIA’s display drivers and was disclosed by a security researcher, Peter Winter-Smith.

He tweeted the details if the vulnerability in the NVIDIA Display Driver and posted the information on Pastebin (he has removed the post).

The security fault, according to Winter-Smith, could enable attackers to gain administrator rights on Windows machines.

Winter-Smith said, “the service is vulnerable to a stack buffer overflow that bypasses data execution prevention (DEP) and address space layout randomization (ASLR) running in the Windows operating system since Windows Vista,” writes Threatpost’s Michael Mimoso. “‘The service listens on a named pipe (\pipe\nsvr) which has a NULL DACL configured, which should mean that any logged on user or remote user in a domain context (Windows firewall/file sharing permitting) should be able to exploit this vulnerability,’ Winter-Smith wrote on Pastebin.”

“Apparently, Winter-Smith didn’t tip Nvidia off before sharing the exploit publicly,” writes The Tech Report’s Cyril Kowaliski. “That’s because, he says, ‘The risk from this particular flaw being exploited was … sufficiently low that I didn’t think it would warrant the wait.'”

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

Check Also

Amazon hacked – hacker leaks 80,000 login credentials

A hacker going by the name 0x2Taylor has said to have breached the servers of …