CVE-2016-8827
MEDIUMNVIDIA GeForce Experience <3.1.0.52 - Info Disclosure
Title source: llmDescription
NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure via a directory traversal attack.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/94964
Vendor Advisory x_refsource_confirm
http://nvidia.custhelp.com/app/answers/detail/a_id/4279
Vendor Advisory x_refsource_confirm
https://nvidia.custhelp.com/app/answers/detail/a_id/5033
Not Applicable x_refsource_confirm
https://nvidia.custhelp.com/app/answers/detail/a_id/5155
Scores
CVSS v3
6.5
EPSS
0.0595
EPSS Percentile
90.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (2)
nvidia/geforce_experience
3.0 - 3.1.0.52
Nvidia Corporation/GeForce Experience
All
Published
Dec 16, 2016
Tracked Since
Feb 18, 2026