Unvalidated User Input in NVISystemService64 in GeForce Experience (GFE) 3.x before 3.10.0.55

CVE-2017-0316 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation, which may lead to denial of service or possible escalation of privileges.

Learn more about our User Device Pen Test.