Vulnerability Details CVE-2015-7866
Unquoted Windows search path vulnerability in the Smart Maximize Helper (nvSmartMaxApp.exe) in the Control Panel in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows allows local users to gain privileges via a Trojan horse application, as demonstrated by C:\Program.exe.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 38.6%
CVSS Severity
CVSS v2 Score 7.2
References
- http://nvidia.custhelp.com/app/answers/detail/a_id/3806/kw/security
- http://www.securitytracker.com/id/1034175
- https://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04971867
- http://nvidia.custhelp.com/app/answers/detail/a_id/3806/kw/security
- http://www.securitytracker.com/id/1034175
- https://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04971867
Products affected by CVE-2015-7866
-
cpe:2.3:a:nvidia:gpu_driver:340
-
cpe:2.3:a:nvidia:gpu_driver:340.52
-
cpe:2.3:a:nvidia:gpu_driver:340.65
-
cpe:2.3:a:nvidia:gpu_driver:340.76
-
cpe:2.3:a:nvidia:gpu_driver:340.96
-
cpe:2.3:a:nvidia:gpu_driver:340.98
-
cpe:2.3:a:nvidia:gpu_driver:352
-
cpe:2.3:a:nvidia:gpu_driver:352.0
-
cpe:2.3:a:nvidia:gpu_driver:352.09
-
cpe:2.3:a:nvidia:gpu_driver:352.63
-
cpe:2.3:a:nvidia:gpu_driver:358
-
cpe:2.3:a:nvidia:gpu_driver:358.16
-
cpe:2.3:o:microsoft:windows:-
-
cpe:2.3:o:microsoft:windows:1.0
-
cpe:2.3:o:microsoft:windows:2.0
-
cpe:2.3:o:microsoft:windows:2000
-
cpe:2.3:o:microsoft:windows:3.0
-
cpe:2.3:o:microsoft:windows:3.1
-
cpe:2.3:o:microsoft:windows:3.11
-
cpe:2.3:o:microsoft:windows:server_2008
-
cpe:2.3:o:microsoft:windows:vista