CVE-2014-0160: Gamestream OpenSSL Vulnerability

Answer ID 3492
Published 04/28/2014 07:49 AM
Updated 05/05/2014 07:23 AM

Vulnerability Description:

The OpenSSL library included in the GameStream component of GeForce Experience 2.0.0 is subject to the recently disclosed Heartbleed vulnerability. As a result, an attacker on another computer who successfully exploits this vulnerability could read the GameStream service process memory and potentially steal confidential GameStream session data, including the user password, or decrypt future GameStream sessions.

Exploit Scope and Risk:

To take advantage of this vulnerability, an attacker would need to run Heartbleed exploit software on a remote computer that can directly communicate with the target computer over the local network or internet. Such exploit software is known to exist today and can be readily leveraged by attackers.

Common Vulnerability Scoring System (CVSS) Scoring:

CVSS Base Score - 5.0

Exploitability Subscore - 10.0

Access Vector: Network

Access Complexity: Low

Authentication: None

Impact Subscore - 2.9

Confidentiality Impact: Partial

Integrity Impact: None

Availability Impact: None

CVSS Temporal Score - 4.1

Exploitability: Functional exploit exists

Remediation Level: Official fix

Report Confidence: Confirmed

CVSS Environmental Score - [determined by user]
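
The scores above can be reproduced from the listed metric values with the CVSS v2 equations. The following Python is an added example, not part of NVIDIA's advisory; it also computes the environmental score that the advisory leaves to the user, and the High confidentiality requirement in the last call is a constructed assumption.

```python
from decimal import Decimal, ROUND_HALF_UP

# CVSS v2 metric weights from the CVSS v2 specification.
AV = {"L": 0.395, "A": 0.646, "N": 1.0}        # Access Vector
AC = {"H": 0.35, "M": 0.61, "L": 0.71}         # Access Complexity
AU = {"M": 0.45, "S": 0.56, "N": 0.704}        # Authentication
CIA = {"N": 0.0, "P": 0.275, "C": 0.660}       # Confidentiality/Integrity/Availability impact
E = {"U": 0.85, "POC": 0.90, "F": 0.95, "H": 1.0, "ND": 1.0}   # Exploitability
RL = {"OF": 0.87, "TF": 0.90, "W": 0.95, "U": 1.0, "ND": 1.0}  # Remediation Level
RC = {"UC": 0.90, "UR": 0.95, "C": 1.0, "ND": 1.0}             # Report Confidence
REQ = {"L": 0.5, "M": 1.0, "H": 1.51, "ND": 1.0}               # Security requirements (CR/IR/AR)
CDP = {"N": 0.0, "L": 0.1, "LM": 0.3, "MH": 0.4, "H": 0.5, "ND": 0.0}  # Collateral damage
TD = {"N": 0.0, "L": 0.25, "M": 0.75, "H": 1.0, "ND": 1.0}     # Target distribution

def r1(x):
    """Round half-up to one decimal, after trimming float noise."""
    return float(Decimal(str(round(x, 6))).quantize(Decimal("0.1"), ROUND_HALF_UP))

def exploitability(av, ac, au):
    return 20 * AV[av] * AC[ac] * AU[au]

def impact(c, i, a, cr="ND", ir="ND", ar="ND"):
    # With all requirements "ND" (weight 1.0) this is the plain base impact.
    return min(10.0, 10.41 * (1 - (1 - CIA[c] * REQ[cr]) * (1 - CIA[i] * REQ[ir]) * (1 - CIA[a] * REQ[ar])))

def base(imp, expl):
    return r1((0.6 * imp + 0.4 * expl - 1.5) * (0.0 if imp == 0 else 1.176))

def temporal(base_score, e, rl, rc):
    return r1(base_score * E[e] * RL[rl] * RC[rc])

def environmental(m, cr="ND", ir="ND", ar="ND", cdp="ND", td="ND"):
    # Recompute base and temporal with the requirement-adjusted impact.
    adj_base = base(impact(m["C"], m["I"], m["A"], cr, ir, ar), exploitability(m["AV"], m["AC"], m["Au"]))
    adj_temp = temporal(adj_base, m["E"], m["RL"], m["RC"])
    return r1((adj_temp + (10 - adj_temp) * CDP[cdp]) * TD[td])

# Metric values as listed in the advisory.
ADVISORY = {"AV": "N", "AC": "L", "Au": "N", "C": "P", "I": "N", "A": "N",
            "E": "F", "RL": "OF", "RC": "C"}

def advisory_scores(m=ADVISORY):
    expl = exploitability(m["AV"], m["AC"], m["Au"])
    imp = impact(m["C"], m["I"], m["A"])
    b = base(imp, expl)
    return {"exploitability": r1(expl), "impact": r1(imp), "base": b,
            "temporal": temporal(b, m["E"], m["RL"], m["RC"])}

if __name__ == "__main__":
    print(advisory_scores())
    # Constructed environment: confidentiality requirement rated High.
    print(environmental(ADVISORY, cr="H"))
```

With every environmental metric left at "Not Defined", the environmental score equals the temporal score.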

Vulnerable Configurations:

This issue affects all Windows computers with NVIDIA GeForce Experience 2.0.0 software installed. The vulnerable component was included in NVIDIA GeForce Release 337.50 driver and selected Release 331 OEM drivers. To determine whether your current GeForce Experience software is vulnerable, do the following:

1. Launch the GeForce Experience client from the Start menu

2. Click the Preferences tab, and examine the version number listed.

Vulnerability Discovery:

NVIDIA discovered this vulnerability internally during an assessment of products affected by the OpenSSL Heartbleed vulnerability.


NVIDIA has fixed this issue via an NVIDIA GeForce Experience update. To eliminate this vulnerability, we strongly recommend that end users update their systems to NVIDIA GeForce Experience version 2.0.1 or later as follows:

1. Launch the GeForce Experience client from the Start menu

2. Click the Preferences tab and select Updates in the left navigation pane

3. Click Check Now and follow the subsequent instructions



The following computer security best practices will reduce risks associated with this vulnerability:

· Do not interact with messages, chats or other forms of electronic communications from unknown or untrusted senders

· Do not visit untrusted web sites

· Do not install untrusted software
