Cybersecurity specialists reported the finding of multiple unpatched vulnerabilities in nVidia D3D10 graphic drivers. Successful exploitation of these flaws would allow code execution on a vulnerable system.
Below are brief descriptions of the reported flaw, in addition to their respective scores according to the Common Vulnerability Scoring System (CVSS). It should be clarified that these flaws do not have a CVE key assigned to them.
- A limit error when processing untrusted entries for nvwg MOV_SAT functionality would allow threat actors to use a specially designed shader to trigger out-of-bounds writing and execute arbitrary code on the target system. Vulnerability received a score of 7.8/10
- A limit error when processing entries not trusted in nvwg functionality would allow threat actors to use a specially designed shader to trigger remote code execution on affected systems. This flaw received a score of 7.8/10
- A limit error processing untrusted entries in the NVwg MOV2 functionality could allow threat actors to trigger an out-of-bounds write to execute arbitrary code on the target system. The fault received a score of 7.8/10
- A limit error processing untrusted input in nvwg DCL_CONSTANT_BUFFER functionality would allow hackers to use a specially designed shader to execute arbitrary code on the target system. The fault received a score of 7.8/10
- A limit error when processing untrusted entries in MOV nvwg functionality. A remotely authenticated attacker can use a specially designed shader, enable off-limit writing, and execute arbitrary code on the affected system. This vulnerability received a score of 7.8/10
- A limit error when processing untrusted entries in the NVwg MUL functionality would allow threat actors to execute arbitrary code using a specially designed shader. The fault received a score of 7.8/10
Although faults are dangerous as they can be exploited remotely, experts mention that no signs of active exploitation have been detected so far. These flaws have not been fixed, so users must remain alert.
He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as an cyber security investigator. He also worked for different security companies. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.