Quote:Nvidia has released a patch to fix a serious security vulnerability in GeForce Experience which can be exploited to perform local code execution attacks.
Revealed this week, the security flaw was originally discovered and reported by David Yesland of Rhino Security Labs.
Tracked as CVE‑2019‑5674 and awarded a base severity score of 8.8, the bug is present in Nvidia GeForce Experience versions prior to 3.18 on the Microsoft Windows operating system.
When ShadowPlay, NvContainer, or GameStream are enabled, opening a file does not result in hard links being checked, which may lead to code execution, denial of service, or escalation of privileges.
"This vulnerability allowed any system file to be overwritten due to insecure permissions set on log files which GFE writes data to as the SYSTEM user," Yesland said in a blog post describing his findings.
SOURCE: https://www.zdnet.com/article/nvidia-pat...xperience/
![[-]](https://www.geeks.fyi/images/collapse.png)
