Security Notice Update April 27, 2017
This issue has been addressed. For details, see Security Bulletin: NVIDIA GeForce Experience contains a vulnerability in WebHelper.exe. (repackaged Node.js) CVE-2017-2650.
April 21, 2017
This notice is in response to the article Abusing NVIDIA's node.js to bypass application whitelisting, published by SEC Consult. The issue was disclosed on April, 20, 2017 as an SEC Consult blog post that details how to manipulate NVIDIA node.js to bypass application whitelisting.
NVIDIA is analyzing its products to determine the extent of the issue. Any updates in relation to this issue will be communicated on the NVIDIA Product Security page. Please continue to monitor the NVIDIA Product Security page for available fixes and additional information.
Revision History
Revision | Date | Description |
---|---|---|
2.0 | April 27, 2017 | Release of Security Bulletin CVE-2017-2650 |
1.0 | April 21, 2017 | Initial release |