CVE-2019-5678

HIGH

Nvidia Geforce Experience < 3.19 - Improper Input Validation

Title source: rule

Description

NVIDIA GeForce Experience versions prior to 3.19 contains a vulnerability in the Web Helper component, in which an attacker with local system access can craft input that may not be properly validated. Such an attack may lead to code execution, denial of service or information disclosure.

Exploits (1)

exploitdb WORKING POC

by Rhino Security Labs · htmllocalwindows

https://www.exploit-db.com/exploits/46972

View Code ZIP pw:eip

References (2)

[Various Sources] https://support.lenovo.com/us/en/product_security/LEN-27815

[Patch, Vendor Advisory] https://nvidia.custhelp.com/app/answers/detail/a_id/4806

Scores

CVSS v3 7.8

EPSS 0.0036

EPSS Percentile 58.0%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-20

Status published

Products (1)

nvidia/geforce_experience < 3.19

Published May 31, 2019

Tracked Since Feb 18, 2026