Security Bulletin: CVE-2015-7866: NVIDIA Control Panel Unquoted Path

Updated 09/29/2021 10:18 AM

CVE-2015-7866: NVIDIA Control Panel Unquoted Path

Go to NVIDIA Product Security.

Vulnerability Description:

The NVIDIA control panel on Windows is affected by an unquoted path vulnerability. A local attacker could gain elevated privileges by inserting an executable file in the path of the affected process.

Exploit Scope and Risk:

The NVIDIA Control Panel executable Smart Maximize Helper contains an unquoted path vulnerability in which the nvSmartMaxApp.exe lacks appropriate double quotes in the process name paths when launching process threads. As such, malicious actors have the ability to place programs at appropriate locations in a search path such as C:\Program.exe". This allows malicious code to execute with elevated privileges during Windows startup.

The CVSS Risk assessment is listed below.

CVSS Base Score - 6.8

Exploitability sub-score - 3.1

Access Vector: Local

Access Complexity: Low

Authentication: Single

Impact sub-score - 5.3

Confidentiality Impact: Complete

Integrity Impact: Complete

Availability Impact: Complete

CVSS temporal sub-score - 5.6

Exploitability: Functional exploit exists

Remediation Level: Official Fix

Report Confidence: Confirmed

CVSS Environmental Score - [determined by user]

NVIDIA's risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation. We recommended consulting a local security or IT professional to evaluate the risk of your specific configuration. NVIDIA doesn't know of any exploits to this issue at this time.

Vulnerable Configurations:

This issue affects Windows systems where the NVIDIA driver is installed for all GPUs.

Vulnerability Discovery:

NVIDIA was informed of this issue by Wesley Daniels.


NVIDIA recommends that users upgrade to the fixed driver version - details below.


Always observe the following safe computing practices:

  • Only download or execute content and programs from trusted third parties.

  • Run your system and programs with the least privilege necessary. Users should run without root privileges whenever possible.

When running as root, do not elevate privileges for activities or programs that don't need them.

Is this answer helpful?

Live Chat

Chat online with one of our support agents



Contact Support for assistance


Ask a Question