Vulnerabilities > CVE-2013-0109 - Buffer Errors vulnerability in Nvidia Display Driver 307.00/310.00
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The NVIDIA driver before 307.78, and Release 310 before 311.00, in the NVIDIA Display Driver service on Windows does not properly handle exceptions, which allows local users to gain privileges or cause a denial of service (memory overwrite) via a crafted application.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Exploit-Db
description | Nvidia (nvsvc) Display Driver Service - Local Privilege Escalation. CVE-2013-0109. Local exploit for win64 platform |
id | EDB-ID:30393 |
last seen | 2016-02-03 |
modified | 2013-12-17 |
published | 2013-12-17 |
reporter | metasploit |
source | https://www.exploit-db.com/download/30393/ |
title | Nvidia nvsvc Display Driver Service - Local Privilege Escalation |
Metasploit
description | The named pipe, \pipe\nsvr, has a NULL DACL allowing any authenticated user to interact with the service. It contains a stacked based buffer overflow as a result of a memmove operation. Note the slight spelling differences: the executable is 'nvvsvc.exe', the service name is 'nvsvc', and the named pipe is 'nsvr'. This exploit automatically targets nvvsvc.exe versions dated Nov 3 2011, Aug 30 2012, and Dec 1 2012. It has been tested on Windows 7 64-bit against nvvsvc.exe dated Dec 1 2012. |
id | MSF:EXPLOIT/WINDOWS/LOCAL/NVIDIA_NVSVC |
last seen | 2020-06-13 |
modified | 2017-07-24 |
published | 2013-07-17 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/local/nvidia_nvsvc.rb |
title | Nvidia (nvsvc) Display Driver Service Local Privilege Escalation |
Nessus
NASL family | Windows |
NASL id | NVIDIA_CVE_2013_0109.NASL |
description | The version of the NVIDIA Display Driver service on the remote Windows host is later than 174.00 but prior to 307.78, or later than 310.00 but prior to 311.00. It is therefore affected by the following vulnerabilities : - An privilege escalation vulnerability exists due to not properly handling exceptions. A local attacker, using a crafted application, could exploit this to overwrite memory, allowing the execution of arbitrary code or causing a denial of service. (CVE-2013-0109) - A privilege escalation vulnerability exists in the Stereoscopic 3D Driver service due to an unquoted service search path. A local attacker, using a trojan horse program, could exploit this to execute arbitrary code in the root path. (CVE-2013-0110) - A privilege escalation vulnerability exists in the Update Service Daemon due to an unquoted service search path. A local attacker, using a trojan horse program, could exploit this to execute arbitrary code in the root path. (CVE-2013-0111) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 83521 |
published | 2015-05-18 |
reporter | This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/83521 |
title | NVIDIA Display Driver 174.x < 307.78 / 310.x < 311.00 Multiple Vulnerabilities |
code |
|
Packetstorm
data source | https://packetstormsecurity.com/files/download/124465/nvidia_nvsvc.rb.txt |
id | PACKETSTORM:124465 |
last seen | 2016-12-05 |
published | 2013-12-17 |
reporter | Peter Wintersmith |
source | https://packetstormsecurity.com/files/124465/Nvidia-nvsvc-Display-Driver-Service-Local-Privilege-Escalation.html |
title | Nvidia (nvsvc) Display Driver Service Local Privilege Escalation |
Seebug
bulletinFamily exploit description No description provided by source. id SSV:83790 last seen 2017-11-19 modified 2014-07-01 published 2014-07-01 reporter Root source https://www.seebug.org/vuldb/ssvid-83790 title Nvidia (nvsvc) Display Driver Service - Local Privilege Escalation bulletinFamily exploit description CVE-2013-0109 NVIDIA Graphics Driver是一款流行的图形驱动程序 Windows下的NVIDIA显示驱动服务存在一个未明错误,允许本地攻击者利用漏洞提升权限 0 NVIDIA Graphics Drivers for Windows 300.x NVIDIA Graphics Drivers for Windows 310.x 厂商解决方案 NVIDIA Graphics Drivers for Windows 307.83或311.00已经修复此漏洞,建议用户下载更新: http://www.nvidia.com id SSV:60692 last seen 2017-11-19 modified 2013-03-19 published 2013-03-19 reporter Root source https://www.seebug.org/vuldb/ssvid-60692 title Windows平台下的NVIDIA图形驱动程序权限提升漏洞(CVE-2013-0109)