Local Code Execution Vulnerability in Novell NetWare Client
CVE-2007-5762

Currently unrated

Key Information:

Vendor: Novell
Status: Netware Client
Vendor: CVE Published:; 9 January 2008

Summary

The NICM.SYS driver version 3.0.0.4 used in Novell NetWare Client 4.91 SP4 contains a vulnerability that allows local users to execute arbitrary code. This is achieved by interacting with the . icm device and supplying specially crafted kernel addresses via IOCTLs using the METHOD_NEITHER buffering mode. Successful exploitation can lead to unauthorized access and control over system resources.

References

http://www.securityfocus.com/bid/27209

vdb-entryx_refsource_BID

http://secunia.com/advisories/28396

third-party-advisoryx_refsource_SECUNIA

http://www.vupen.com/english/advisories/2008/0088

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
Jan 9, 2008
Vulnerability Reserved
Oct 31, 2007