CVE-2019-5701

HIGH

Nvidia Geforce Experience < 3.20.0.118 - Uncontrolled Search Path

Title source: rule

Description

NVIDIA GeForce Experience, all versions prior to 3.20.0.118, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service, information disclosure, or escalation of privileges through code execution.

References (2)

Scores

CVSS v3 7.8
EPSS 0.0019
EPSS Percentile 40.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE
CWE-427
Status published

Affected Products (1)

nvidia/geforce_experience < 3.20.0.118

Timeline

Published Nov 09, 2019
Tracked Since Feb 18, 2026