Critical Security Problem in Nvidia's Drivers, Exploit Code Circulated
A software developer has posted details about a vulnerability in Nvidia's graphics driver that could allow an attacker to gain control over a user's computer.
According to Peter Winter-Smith's post on Pastebin, the problem is anchored in nvvsvc.exe, a file that is used in the Nvidia display driver service. The file is reportedly vulnerable to a buffer overflow and code injection attack. Since nvvsvc.exe runs with full system access rights, the developer claims that any program can be installed by an attacker.
While the information on how the issue can be exploited is currently freely available and the exploit code has been circulated by Winter-Smith, it is unclear how the exploit could target a client PC and how it could be triggered. In his test setup, he used a Dell XPS 15 system with a GT540M GPU running under Windows 7 (64-bit). He also noted that he ran the test with full administrator rights on the PC with unrestricted access to the computer.
Nvidia has not reacted to the report yet and the post on Pastebin was removed with the comment: "I'm sorry to say that I've had to remove this post - it has caused some trouble for a few friends of mine and I didn't intend for that to happen." However, the author announced his discovery on several forums and websites, including attachments with the exploit code.
kellybean: You would think this guy would do the right thing and tell Nvidia first and hopefully Nvidia would do the right thing and compensate the guy for the knowledge but noooooo.
mikenygmail, quoting lostmyclan: "I know that a long time ago... in my country has some hijack tools with the exe =) that's why I use ATI."
Yes, AMD/ATI drivers are much better.
jn77: It is amazing how people dog ATI's drivers, but when Nvidia has driver issues, all the Nvidia fan boys just disappear. Not to mention it took 3-4 years and a class action lawsuit for Nvidia to come clean about their GPU hardware issues that messed everyone up not that long ago (2002-2005).
Unless ATI does something really stupid, I will never use Nvidia's half...... hardware.
jaquith: HINT: Any application that has SACL access (full system access rights) has the potential to be hacked (exploited) in much the same exact manner.
Google or search: 'ATI driver exploits' or pretty much any primary program your PC uses and at one point or another chances are someone hacked into it...
ethanolson: AMD gives better performance per watt for the most part. The issue I have is the driver tuning is lacking from a processing standpoint. My conclusion is rooted in experience from GPU video encoding and how the AMD output looks noticeably worse than NVidia or Intel and you can't improve it easily at this point. When they get that part of their engine fixed and there's better software support, then I'm making the switch.
warezme, quoting mikenygmail: "Yes, AMD/ATI drivers are much better."
I sense a deep and scathing sense of sarcasm in this comment.
tomfreak: I got no trouble of AMD driver, but their too early to drop driver support to legacy status really scares me. example .... ATI HD4000
mikenygmail, quoting warezme: "I sense a deep and scathing sense of sarcasm in this comment."
While typing it, I was afraid of that...
Old_Fogie_Late_Bloomer, quoting warezme: "I sense a deep and scathing sense of sarcasm in this comment."
Yeah, I was like...wait, he is being sarcastic, right? The "/sarcasm" tag is your friend... :)