NVIDIA patches high severity GeForce Experience vulnerabilities


Level 68
Content Creator
Malware Hunter
Aug 17, 2014
NVIDIA released a security update for the Windows NVIDIA GeForce Experience (GFE) app to address vulnerabilities that could enable attackers to execute arbitrary code, escalate privileges, gain access to sensitive info, or trigger a denial of service (DoS) state on systems running unpatched software.

NVIDIA GFE is a companion utility for GeForce GTX graphics cards that "keeps your drivers up to date, automatically optimizes your game settings, and gives you the easiest way to share your greatest gaming moments with friends" according to NVIDIA,

While these flaws require attackers to have local user access and cannot be exploited remotely, they can still be abused using malicious tools deployed on systems running vulnerable NVIDIA GFE versions.
Additionally, attacks that would exploit these bugs are of low complexity according to NVIDIA, while also requiring low privileges, and need no user interaction.