Integer Overflow in Novell Client Kernel Drivers on Windows Systems
CVE-2013-3697

Currently unrated

Key Information:

Vendor: Novell
Status: Client
Vendor: CVE Published:; 31 July 2013

Summary

An integer overflow vulnerability exists in the NWFS.SYS and NCPL.SYS kernel drivers of the Novell Client, potentially enabling local users to escalate their privileges. This issue arises when improper handling of IOCTL calls, specifically a crafted 0x1439EB command, allows attackers to exploit the affected systems. Affected versions include Novell Client 4.91 SP5 for Windows XP and Server 2003, as well as multiple iterations of Novell Client 2 across various Windows operating systems up to Server 2012. Users are urged to apply necessary patches and updates to mitigate associated risks.

References

http://pastebin.com/RcS2Bucg

x_refsource_MISC

http://www.novell.com/support/kb/doc.php?id=7012497

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jul 31, 2013