Flaw in Nvidia Driver Allows Remote Creation of an Unwanted Super-User Account
A stack buffer overflow in the NVIDIA Display Driver Service can be exploited to add a new user account to a computer, bypassing the access controls the operating system itself enforces. According to security researcher Peter Winter-Smith, the flaw can be exploited by any logged-on user or by a remote user in a domain context (i.e. a user on a corporate network).
The entire process is documented in the proof-of-concept code released along with the announcement.
“The service listens on a named pipe (\pipe\nsvr) which has a NULL DACL configured, which should mean that any logged on user or remote user in a domain context (Windows firewall/file sharing permitting) should be able to exploit this vulnerability,” wrote Winter-Smith.
Although the exploit requires the attacker to hold a valid account on the computer or on the corporate network, such access can be obtained by phishing a corporate user, for instance. From there, the attacker can escalate their privileges to reach mission-critical machines that run the vulnerable driver.
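The NULL DACL Winter-Smith describes is what lets any caller open the service's pipe. As an added example that is not from the article, the advisory or NVIDIA, this Windows PowerShell 5.1 script reads back the DACL a named pipe actually presents to a caller and, for comparison, stands up two throwaway demo pipes (the names `demo_weak` and `demo_strict` and their descriptors are constructed here) with a world-accessible versus an administrators-only security descriptor:

```powershell
# Added example: audit the DACL a named pipe exposes to callers.
# Assumes Windows PowerShell 5.1 (.NET Framework), where PipeStream.GetAccessControl() is an instance method.
Add-Type -AssemblyName System.Core

function Get-PipeExposure {
    param([Parameter(Mandatory)][string]$PipeName)
    # Opening a pipe connects to a waiting server instance; the audit only reads the security descriptor.
    $client = New-Object System.IO.Pipes.NamedPipeClientStream('.', $PipeName, 'In')
    try {
        try { $client.Connect(500) }
        catch [System.UnauthorizedAccessException] {
            # The DACL denies us even READ_CONTROL: the pipe is not reachable by this account.
            return [pscustomobject]@{ Pipe = $PipeName; EveryoneRights = '(access denied)'; Exposed = $false }
        }
        # .NET represents a NULL DACL as a single Allow rule granting Everyone FullControl,
        # so a NULL DACL and an explicit Everyone grant are caught by the same check.
        $rules = $client.GetAccessControl().GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        $world = @($rules | Where-Object { $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -eq 'S-1-1-0' })
        $rights = if ($world.Count) { ($world | ForEach-Object { $_.PipeAccessRights }) -join ', ' } else { '(none)' }
        # Write access is what lets an arbitrary caller feed data to the service behind the pipe.
        $writable = @($world | Where-Object { $_.PipeAccessRights -band [System.IO.Pipes.PipeAccessRights]::WriteData })
        [pscustomobject]@{ Pipe = $PipeName; EveryoneRights = $rights; Exposed = ($writable.Count -gt 0) }
    } finally { $client.Dispose() }
}

# Demo pipes (constructed names): one world-accessible, like a NULL DACL, one limited to SYSTEM and Administrators.
function New-DemoPipe {
    param([string]$Name, [string]$Sddl)
    $sec = New-Object System.IO.Pipes.PipeSecurity
    $sec.SetSecurityDescriptorSddlForm($Sddl)
    $server = New-Object System.IO.Pipes.NamedPipeServerStream($Name, 'InOut', 1, 'Byte', 'None', 0, 0, $sec)
    $server.BeginWaitForConnection($null, $null) | Out-Null   # listen without blocking this thread
    return $server
}
$weak   = New-DemoPipe 'demo_weak'   'D:(A;;GA;;;WD)'               # WD = Everyone, GA = generic all
$strict = New-DemoPipe 'demo_strict' 'D:P(A;;GA;;;SY)(A;;GA;;;BA)'  # SYSTEM and local Administrators only
'demo_weak', 'demo_strict' | ForEach-Object { Get-PipeExposure $_ } | Format-Table -AutoSize
$weak.Dispose(); $strict.Dispose()
```

Run from an unelevated session, `demo_strict` reports access denied, which is the intended outcome of a tight DACL; `Get-PipeExposure` can be pointed at any pipe listed under `\\.\pipe\` to check what it grants Everyone.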
This is not an isolated incident for Nvidia. Earlier in August, the closed-source Nvidia driver for Linux was found to be vulnerable to a bug that granted root access to any limited user on the machine.