Security News > 2020 > October > NVIDIA patches high severity GeForce Experience vulnerabilities
NVIDIA released a security update for the Windows NVIDIA GeForce Experience app to address vulnerabilities that could enable attackers to execute arbitrary code, escalate privileges, gain access to sensitive info, or trigger a denial of service state on systems running unpatched software.
The three vulnerabilities fixed in the October 2020 security update are detailed below, together with full descriptions and the CVSS V3 base score assigned by NVIDIA. CVE IDs Description Base Score CVE‑2020‑5977 NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.
8.2 CVE‑2020‑5990 NVIDIA GeForce Experience contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service, or information disclosure.
The vulnerabilities impact only computers running Windows and NVIDIA GeForce Experience versions before 3.20.5.70, the version that comes with fixes for the three bugs.
In July, NVIDIA fixed another security flaw in all GeForce Experience versions prior to 3.20.4 which could lead to code execution, denial of service, or escalation of privileges.