Security consultant Peter Winter-Smith recently posted details of a vulnerability in the NVIDIA Display Driver Service on Pastebin (the post has since been removed). The security flaw, according to Winter-Smith, could enable attackers to gain administrator privileges on Windows machines.
"[Winter-Smith] explains that the service is vulnerable to a stack buffer overflow that bypasses data execution prevention (DEP) and address space layout randomization (ASLR) running in the Windows operating system since Windows Vista," writes Threatpost's Michael Mimoso. "'The service listens on a named pipe (\pipe\nsvr) which has a NULL DACL configured, which should mean that any logged on user or remote user in a domain context (Windows firewall/file sharing permitting) should be able to exploit this vulnerability,' Winter-Smith wrote on Pastebin."
"Winter-Smith wrote that the buffer overflow occurs as a result of a bad memmove operation," writes TechEye's Nick Farrell. "Fortunately for Nvidia the vulnerability is difficult to exploit because it mostly affects a domain-based machine, where there are relaxed firewall rules and filesharing is switched on. This is like a network manager having their server set to 'please hack my server, I have no interest in staying in the industry.' But if they were daft enough, there are a few servers out there which have settings more liberal than Finland."
"Apparently, Winter-Smith didn't tip Nvidia off before sharing the exploit publicly," writes The Tech Report's Cyril Kowaliski. "That's because, he says, 'The risk from this particular flaw being exploited was ... sufficiently low that I didn't think it would warrant the wait.'"