| Vulnerability Name: | CVE-2013-3697 (CCN-84581) | ||||||||
| Assigned: | 2013-05-28 | ||||||||
| Published: | 2013-05-28 | ||||||||
| Updated: | 2013-07-31 | ||||||||
| Summary: | Integer overflow in the NWFS.SYS kernel driver 4.91.5.8 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003 and the NCPL.SYS kernel driver in Novell Client 2 SP2 on Windows Vista and Windows Server 2008 and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 might allow local users to gain privileges via a crafted 0x1439EB IOCTL call. | ||||||||
| CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C) 6.1 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:U/RC:C)
6.1 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:U/RC:C)
| ||||||||
| Vulnerability Type: | CWE-189 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2013-3697 Source: MISC Type: Exploit http://pastebin.com/RcS2Bucg Source: CCN Type: SA53630 Novell Client NWFS.SYS NWC_VERIFY_KEY_WITHCONN Handling Integer Overflow Vulnerability Source: CCN Type: Novell Document ID 7012497 May 10th, 2013 Novell Client for Windows Zero Day disclosures Source: CONFIRM Type: Vendor Advisory http://www.novell.com/support/kb/doc.php?id=7012497 Source: CCN Type: BID-60202 Novell Client 'NWFS.SYS' Local Integer Overflow Vulnerability Source: XF Type: UNKNOWN novell-client-nwfs-bo(84581) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||