CVE-2019-5676
MEDIUMNVIDIA GPU Display Driver 410-412.36 and GeForce Experience < 3.19 - Uncontrolled Search Path Element
Title source: llmDescription
NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), leading to escalation of privileges through code execution.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_confirm
https://nvidia.custhelp.com/app/answers/detail/a_id/4797
Vendor Advisory x_refsource_confirm
https://nvidia.custhelp.com/app/answers/detail/a_id/4806
Third Party Advisory x_refsource_confirm
https://support.lenovo.com/us/en/product_security/LEN-27815
Vendor Advisory x_refsource_confirm
https://nvidia.custhelp.com/app/answers/detail/a_id/4841
Scores
CVSS v3
6.7
EPSS
0.0030
EPSS Percentile
53.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-427
Status
published
Products (2)
nvidia/geforce_experience
< 3.19
nvidia/gpu_display_driver
410 - 412.36
Published
May 10, 2019
Tracked Since
Feb 18, 2026