CVE-2013-0110 - nvSCPAPISvr.exe in the NVIDIA Stereoscopic 3D Driver service, as distributed with the NVIDIA driver

CVE Details

CVE-2013-0110

Summary

nvSCPAPISvr.exe in the NVIDIA Stereoscopic 3D Driver service, as distributed with the NVIDIA driver before 307.78, and Release 310 before 311.00, on Windows, lacks " (double quote) characters in the service path, which allows local users to gain privileges via a Trojan horse program.

References

Vulnerable Configurations

cpe:2.3:a:nvidia:driver:310.00:-:*:*:*:windows:*:*
cpe:2.3:a:nvidia:driver:310.00:-:*:*:*:windows:*:*
cpe:2.3:a:nvidia:driver:*:-:*:*:*:windows:*:*
cpe:2.3:a:nvidia:driver:*:-:*:*:*:windows:*:*

CVSS

Base:	6.8 (as of 09-04-2013 - 14:19)
Impact:	10.0
Exploitability:	3.1

CWE

NVD-CWE-Other

CAPEC

Click the CAPEC title to display a description

Access

Vector	Complexity	Authentication
LOCAL	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:S/C:C/I:C/A:C

refmap via4

cert-vn	VU#957036
confirm	http://www.nvidia.com/object/product-security.html

Last major update

09-04-2013 - 14:19

Published

08-04-2013 - 16:55

Last modified

09-04-2013 - 14:19