Windows version of NVIDIA GeForce Experience got a fix for the bug CVE-2019-5702, with the help of which a local attacker could provoke a denial of service, as well as increase his privileges in the system. The bug scored 8.3 points out of 10 possible on the CVSS3 vulnerability rating scale.
Fortunately, the vulnerability cannot be exploited remotely, and an attack requires access to the vulnerable host. That is, for example, the machine must be pre-infected with malware. However, it should be noted that the attack requires very low privileges in the system, and also does not require user interaction and is very easy to execute.
Vulnerabilities were affected by all Windows-based versions of NVIDIA GeForce Experience, released earlier than version 3.20.2. Users are encouraged to upgrade as soon as possible.