Lucene search

[email protected]CVE-2013-3956

HistoryJul 31, 2013 - 1:20 p.m.

CVE-2013-3956

2013-07-3113:20:00

CWE-264

[email protected]

web.nvd.nist.gov

vulnerability

privilege escalation

nicm.sys

novell client

windows xp

windows server 2003

windows vista

windows server 2008

windows server 2008 r2

windows 7

windows 8

windows server 2012

local exploit

0x143b6b ioctl call

7.3 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.005 Low

EPSS

Percentile

75.9%

JSON

The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003; Novell Client 2 SP2 on Windows Vista and Windows Server 2008; and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted 0x143B6B IOCTL call.

CPENameOperatorVersion
novell:clientnovell clienteq4.91
novell:clientnovell clienteq2.0

CPE	Name	Operator	Version
novell:client	novell client	eq	4.91
novell:client	novell client	eq	2.0

References

pastebin.com/GB4iiEwR

www.exploit-db.com/exploits/26452

www.exploit-db.com/exploits/27191

www.novell.com/support/kb/doc.php?id=7012497

7.3 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.005 Low

EPSS

Percentile

75.9%

JSON

Related for CVE-2013-3956

canvas1 prion1 nessus1 mmpc1 mssecure2 threatpost1 rapid7blog1