Windows PCs with multi-screen setups are affected
The control panel that comes with Nvidia GPU drivers is affected by a security bug that allows attackers to launch malicious applications with escalated system-level privileges.
The security flaw is not in the GPU driver, but in the control panel, and more specifically in the Smart Maximize Helper, a feature that enhances fullscreen support on Windows operating systems with multi-screen setups.
According to Julien Sambourg of
TousLesDrivers, a basic programming error is to blame, a missing double quotation marks, which makes it possible for attackers to attach malicious instructions via the Smart Maximize Helper feature.
Because the Smart Maximize Helper executable takes various parameters when it moves applications into fullscreen mode, hackers can attach malicious code to the nvSmartMaxapp.exe and the nvSmartMaxapp64.exe files, and have the code execute with system-level privileges.
