NVIDIA has released , in which it announced the closure of a serious vulnerability in the GeForce Experience utility, a software tool accompanying the company’s graphics drivers for updating video card drivers and setting up graphics. The discovered vulnerability was designated CVE-2019-5702 and scored 8,4 points on a 10-point scale.
Note that to ensure that an attacker can influence the victim’s system using the CVE-2019-5702 vulnerability, local access to the system is required. Where does such a high assessment of danger come from? It's all about the ease with which an attacker can cause a system denial of service and escalate his privileges. Due to the “low complexity” of implementing the vulnerability, it was assigned a high degree of danger. Interaction with the victim is optional. The user himself can give the tools into the hands of a remote hacker if he accidentally launches malware embedded in a file or program on his system.
Otherwise, the attacker can manually launch malicious software on the victim’s computer, having minimal privileges in the system and thereby gain the opportunity to increase privileges and access to information that is normally protected from third-party interference.
All GeForce Experience releases prior to version 2019 are affected by the CVE-5702-3.20.2 vulnerability. To protect your computer or laptop from this scourge, you need to download GeForce Experience version 3.20.2 from the NVIDIA website.
Source: 3dnews.ru