CVE‑2021‑1079 – NVIDIA GeForce Experience Command Execution
voidsec2022-01-14T08:59:18+01:00NVIDIA GeForce Experience (GFE) v.<= 3.21 is affected by an Arbitrary File Write vulnerability in the GameStream/ShadowPlay plugins, where log files are created using NT AUTHORITY\SYSTEM level permissions, which lead to Command Execution and Elevation of Privileges (EoP).
NVIDIA Security Bulletin – April 2021
NVIDIA Acknowledgements Page
This blog post is a re-post of the original article “Chaining Bugs: CVE‑2021‑1079 - NVIDIA GeForce Experience (GFE) Command Execution” that I have written for Yarix on
YLabs.
Introduction
Some time...