FKIE_CVE-2015-7866

Vulnerability from fkie_nvd - Published: 2015-11-24 20:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Unquoted Windows search path vulnerability in the Smart Maximize Helper (nvSmartMaxApp.exe) in the Control Panel in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows allows local users to gain privileges via a Trojan horse application, as demonstrated by C:\Program.exe.
References
cve@mitre.orghttp://nvidia.custhelp.com/app/answers/detail/a_id/3806/kw/securityVendor Advisory
cve@mitre.orghttp://www.securitytracker.com/id/1034175Third Party Advisory, VDB Entry
cve@mitre.orghttps://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04971867Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://nvidia.custhelp.com/app/answers/detail/a_id/3806/kw/securityVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1034175Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04971867Third Party Advisory
Impacted products
Vendor Product Version
nvidia gpu_driver *
nvidia gpu_driver *
nvidia gpu_driver *
microsoft windows *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3937929C-A1C1-40AC-9E8C-1B5F120B0EDB",
              "versionEndExcluding": "341.92",
              "versionStartIncluding": "340",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEDBBE2C-8B0F-49CA-A28B-C35EEE3DBA5C",
              "versionEndExcluding": "354.35",
              "versionStartIncluding": "352",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF3237AD-D1E3-4857-999E-22FAAC340F16",
              "versionEndExcluding": "358.87",
              "versionStartIncluding": "358",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unquoted Windows search path vulnerability in the Smart Maximize Helper (nvSmartMaxApp.exe) in the Control Panel in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows allows local users to gain privileges via a Trojan horse application, as demonstrated by C:\\Program.exe."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ruta de b\u00fasqueda sin entrecomillar en Windows en el Smart Maximize Helper (nvSmartMaxApp.exe) en el Control Panel en el controlador de gr\u00e1ficos NVIDIA GPU R340 en versiones anteriores a 341.92, R352 en versiones anteriores a 354.35 y R358 en versiones anteriores a 358.87 en Windows permite a usuarios locales obtener privilegios a trav\u00e9s de una aplicaci\u00f3n troyano, seg\u00fan lo demostrado por C:\\Program.exe."
    }
  ],
  "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/428.html\" rel=\"nofollow\"\u003eCWE-428: Unquoted Search Path or Element\u003c/a\u003e",
  "id": "CVE-2015-7866",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-11-24T20:59:12.360",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/3806/kw/security"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1034175"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04971867"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/3806/kw/security"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1034175"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04971867"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.