Vulnerability Name: | CVE-2007-5762 (CCN-39576) | ||||||||
Assigned: | 2007-10-31 | ||||||||
Published: | 2008-01-09 | ||||||||
Updated: | 2017-07-29 | ||||||||
Summary: | NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, allows local users to execute arbitrary code by opening the \\.\nicm device and providing crafted kernel addresses via IOCTLs with the METHOD_NEITHER buffering mode. | ||||||||
CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C) 5.6 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-20 | ||||||||
Vulnerability Consequences: | Gain Privileges | ||||||||
References: | Source: MITRE Type: CNA CVE-2007-5762 Source: CCN Type: Novell Web site Novell Client 4.91 Post-SP3/4 NICM.SYS Source: CONFIRM Type: Patch http://download.novell.com/Download?buildid=4FmI89wOmg4~ Source: IDEFENSE Type: Patch 20080109 Novell NetWare Client nicm.sys Local Privilege Escalation Vulnerability Source: CCN Type: Packetstorm Security Website Novell Client 4.91 SP3/4 Privilege Escalation Source: CCN Type: SA28396 Novell Client nicm.sys Privilege Escalation Vulnerability Source: SECUNIA Type: Vendor Advisory 28396 Source: CCN Type: SECTRACK ID: 1019172 NetWare 'nicm.sys' Driver Lets Local Users Gain Kernel Level Privileges Source: CCN Type: OSVDB ID: 40871 Novell NetWare Client NICM.SYS Local Privilege Escalation Source: BID Type: Patch 27209 Source: CCN Type: BID-27209 Novell Client for Windows 'nicm.sys 'Local Privilege Escalation Vulnerability Source: CCN Type: BID-29109 Novell Client for Windows Forgotten Password Local Privilege Escalation Vulnerability Source: SECTRACK Type: UNKNOWN 1019172 Source: VUPEN Type: UNKNOWN ADV-2008-0088 Source: XF Type: UNKNOWN novell-client-nicm-privilege-escalation(39576) Source: XF Type: UNKNOWN novell-client-nicm-privilege-escalation(39576) Source: CCN Type: iDefense PUBLIC ADVISORY: 01.09.08 Novell NetWare Client nicm.sys Local Privilege Escalation Vulnerability Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [05-22-2012] | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: ![]() | ||||||||
BACK |