Uncontrolled Search Path Element

CVE-2019-5694

Medium

6.5/10

Summary

NVIDIA Windows GPU Display Driver, R390 driver version, contains a vulnerability in NVIDIA Control Panel in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution. The attacker requires local system access.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: HIGH
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-427 - Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References

Advisory Timeline

Published Nov 09, 2019

Uncontrolled Search Path Element

CVE-2019-5694

Summary

CWE-427 - Uncontrolled Search Path Element

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS