Friday, January 11, 2013

NVIDIA has removed security vulnerability by releasing driver update

Exploit for the vulnerability was published on Pastebin, although the company has not been notified about the discovery holes.

The U.S. company has released an update for NVIDIA driver (310.90 WHQL), which fixes a security vulnerability, discovered at the end of December. Pre-existing flaw could allow attackers to gain administrator privileges on the versions of Windows, which were released after Vista.

Vulnerability in the driver NVIDIA Display Service has been discovered by researchers in the field of information security, Peter Winter-Smith. He posted to exploit vulnerabilities on Pastebin.

The flaw could cause a buffer overflow and the introduction of a certain code afforded privileges. The exploit provides an attacker to bypass DEP-and ASLR-protection on the target system.

Later exploit the vulnerability has been removed from Pastebin, which is related to the fact that researchers have published it without notifying representatives of NVIDIA's newly discovered vulnerability.

Winter-Smith argued his actions by saying that it discovered the vulnerability had a low level of risk. It could proekspluatirovat only if your computer is on faylobmenny service and access it firewall Windows.

NVIDIA representatives had no immediate comment on the publication of an exploit in the public domain. In addition, the company provided the driver update is not only discovered the vulnerability, but also the performance of the company's devices.

No comments:

Post a Comment