Sign-up

ID

VAR-201611-0264


CVE

CVE-2016-5852


TITLE

plural NVIDIA Product GFE GameStream and NVTray Plug-in malicious code execution vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-005840

DESCRIPTION

For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level. The CVE-2016-5852 ID is for the NVTray Plugin unquoted service path. Supplementary information : CWE Vulnerability type by CWE-428: Unquoted Search Path or Element ( Unquoted search path or element ) Has been identified. https://cwe.mitre.org/data/definitions/428.htmlMalicious code can be executed on the system. Multiple NVIDIA products are prone to multiple local privilege-escalation vulnerabilities and multiple local denial-of-service vulnerabilities. Local attackers can exploit these issues to gain elevated privileges or cause a denial-of-service condition

Trust: 1.89

sources: NVD: CVE-2016-5852 // JVNDB: JVNDB-2016-005840 // BID: 93251

AFFECTED PRODUCTS

vendor:nvidiamodel:geforce experiencescope:lteversion: -

Trust: 1.0

vendor:nvidiamodel:geforce experiencescope:eqversion:(windows)

Trust: 0.8

vendor:nvidiamodel:geforce experiencescope:eqversion: -

Trust: 0.6

vendor:nvidiamodel:quadro r367scope:eqversion:0

Trust: 0.3

vendor:nvidiamodel:quadro r361scope:eqversion:0

Trust: 0.3

vendor:nvidiamodel:quadro r352scope:eqversion:0

Trust: 0.3

vendor:nvidiamodel:quadro r340scope:eqversion:0

Trust: 0.3

vendor:nvidiamodel:nvs r367scope:eqversion:0

Trust: 0.3

vendor:nvidiamodel:nvs r361scope:eqversion:0

Trust: 0.3

vendor:nvidiamodel:nvs r352scope:eqversion:0

Trust: 0.3

vendor:nvidiamodel:nvs r340scope:eqversion:0

Trust: 0.3

vendor:nvidiamodel:geforce r367scope:eqversion:0

Trust: 0.3

vendor:nvidiamodel:geforce r340scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkstationscope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkserverscope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkpadscope:eqversion:0

Trust: 0.3

vendor:lenovomodel:systemscope:eqversion:x0

Trust: 0.3

vendor:lenovomodel:ideapadscope:eqversion:0

Trust: 0.3

vendor:lenovomodel:desktopscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:systemscope:eqversion:x0

Trust: 0.3

vendor:nvidiamodel:quadro r367scope:neversion:368.39

Trust: 0.3

vendor:nvidiamodel:quadro r361scope:neversion:362.77

Trust: 0.3

vendor:nvidiamodel:quadro r352scope:neversion:354.99

Trust: 0.3

vendor:nvidiamodel:quadro r340scope:neversion:341.96

Trust: 0.3

vendor:nvidiamodel:nvs r367scope:neversion:368.39

Trust: 0.3

vendor:nvidiamodel:nvs r361scope:neversion:362.77

Trust: 0.3

vendor:nvidiamodel:nvs r352scope:neversion:354.99

Trust: 0.3

vendor:nvidiamodel:nvs r340scope:neversion:341.96

Trust: 0.3

vendor:nvidiamodel:geforce r367scope:neversion:368.69

Trust: 0.3

vendor:nvidiamodel:geforce r340scope:neversion:341.96

Trust: 0.3

sources: BID: 93251 // JVNDB: JVNDB-2016-005840 // CNNVD: CNNVD-201610-123 // NVD: CVE-2016-5852

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-5852
value: HIGH

Trust: 1.0

NVD: CVE-2016-5852
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201610-123
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2016-5852
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2016-5852
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: JVNDB: JVNDB-2016-005840 // CNNVD: CNNVD-201610-123 // NVD: CVE-2016-5852

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2016-005840 // NVD: CVE-2016-5852

THREAT TYPE

local

Trust: 0.9

sources: BID: 93251 // CNNVD: CNNVD-201610-123

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201610-123

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-005840

PATCH
title:Security Bulletin: Multiple vulnerabilities affect Quadro, NVS, and GeForce Windows based systemsurl:http://nvidia.custhelp.com/app/answers/detail/a_id/4213
Trust: 0.8
title:NVIDIA Quadro , NVS  and GeForce GFE GameStream  and NVTray Fixes for plugin denial of service vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65441
Trust: 0.6
title:NVIDIA Quadro , NVS  and GeForce GFE GameStream  and NVTray Fixes for plugin denial of service vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65292
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-005840 // 
            
            
            
            CNNVD: CNNVD-201610-123

EXTERNAL IDS
db:NVDid:CVE-2016-5852
Trust: 2.7
db:BIDid:93251
Trust: 1.3
db:JVNDBid:JVNDB-2016-005840
Trust: 0.8
db:CNNVDid:CNNVD-201610-123
Trust: 0.6
sources:
            
            
            BID: 93251 // 
            
            
            
            JVNDB: JVNDB-2016-005840 // 
            
            
            
            CNNVD: CNNVD-201610-123 // 
            
            
            
            NVD: CVE-2016-5852

REFERENCES
url:http://nvidia.custhelp.com/app/answers/detail/a_id/4213
Trust: 1.6
url:https://support.lenovo.com/us/en/product_security/ps500070
Trust: 1.3
url:http://www.securityfocus.com/bid/93251
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5852
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5852
Trust: 0.8
url:https://support.lenovo.com/us/zh/product_security/ps500070
Trust: 0.6
url:http://www.nvidia.com
Trust: 0.3
url:http://nvidia.custhelp.com/app/answers/detail/a_id/4213/~/security-bulletin%3a-multiple-vulnerabilities-affect-quadro,-nvs,-and-geforce
Trust: 0.3
sources:
            
            
            BID: 93251 // 
            
            
            
            JVNDB: JVNDB-2016-005840 // 
            
            
            
            CNNVD: CNNVD-201610-123 // 
            
            
            
            NVD: CVE-2016-5852

CREDITS
Alin Ghica, Joseph Bialek of Microsoft Vulnerability Research and Daniel Cornel.
Trust: 0.3
sources:
            
            
            BID: 93251

SOURCES
db:BIDid:93251
db:JVNDBid:JVNDB-2016-005840
db:CNNVDid:CNNVD-201610-123
db:NVDid:CVE-2016-5852

LAST UPDATE DATE
2024-11-23T22:01:22.804000+00:00

SOURCES UPDATE DATE
db:BIDid:93251date:2016-10-03T00:03:00
db:JVNDBid:JVNDB-2016-005840date:2016-11-14T00:00:00
db:CNNVDid:CNNVD-201610-123date:2016-11-09T00:00:00
db:NVDid:CVE-2016-5852date:2024-11-21T02:55:08.420

SOURCES RELEASE DATE
db:BIDid:93251date:2016-08-11T00:00:00
db:JVNDBid:JVNDB-2016-005840date:2016-11-14T00:00:00
db:CNNVDid:CNNVD-201610-123date:2016-09-29T00:00:00
db:NVDid:CVE-2016-5852date:2016-11-08T20:59:05.787