CVE-2015-7865: STEREOSCOPIC 3D DRIVER SERVICE ARBITRARY RUN KEY CREATION

Answer ID 3807
Published 11/13/2015 03:04 PM
Updated 11/18/2015 07:21 AM
CVE-2015-7865: STEREOSCOPIC 3D DRIVER SERVICE ARBITRARY RUN KEY CREATION

Vulnerability Description:

The 3D Vision service nvSCPAPISvr.exe, installed as part of the 3D Vision driver in Windows environments, creates a named pipe that can allow arbitrary command line execution in the session of any other user, allowing elevation of privilege. In Windows Domain environments, it is also possible to exploit the vulnerability between machines if the attacker has access to a valid user account on one domain-joined machine.

Exploit Scope and Risk:

This service can allow malicious code on the system to create a run key entry to execute command lines in the security context of other users, potentially allowing elevation of privilege.

The 3D Driver Service's named pipe creation does not properly limit access to the pipe, which can allow the service to be used by external actors who have valid credentials on the local system or within a joined domain.

The 3D Vision service, while processing the registry key path, has the potential to cause memory corruption.



The CVSS Risk assessment is listed below.

CVSS Base Score - 7.7

Exploitability sub-score - 5.1

Access Vector: Adjacent Network

Access Complexity: Low

Authentication: Single

Impact sub-score - 10

Confidentiality Impact: Complete

Integrity Impact: Complete

Availability Impact: Complete

CVSS temporal sub-score - 6.4

Exploitability: Functional Exploit Exists

Remediation Level: Official Fix

Report Confidence: Confirmed

NVIDIA's risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation. We recommended consulting a local security or IT professional to evaluate the risk of your specific configuration.

Vulnerable Configurations:

The 3D Vision service nvSCPAPISvr.exe is installed as part of the 3D Vision driver in Windows environments. All GPUs for which 3DVision driver is supported are affected. Linux and other OS installations are not affected.

Vulnerability Discovery:

This bug was reported to NVIDIA by James Forshaw of Google.

Fix:

NVIDIA recommends that users upgrade to the fixed driver version - details below.

OS

Branch

1st version that includes the fix

Windows

R358

358.87

Windows

R352

354.35

Windows

R340

341.92

Mitigations:

Uninstallation of the 3D vision driver will remove 3D vision functionality and eliminate exposure to this vulnerability.

Always observe the following safe computing practices:

· Only download or execute content and programs from trusted third parties.

· Run your system and programs with the least privilege necessary. Users should run without root privileges whenever possible.

· When running as root, do not elevate privileges for activities or programs that don't need them.

Was this answer helpful?
Your rating has been submitted, please tell us how we can make this answer more useful.

LIVE CHAT

Chat online with one of our support agents

CHAT NOW

ASK US A QUESTION

Contact Support for assistance

CONTACT US