4.91

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

novell

microsoft

CWE-189

nessus

NVD

Published: 2013-07-31

Updated: 2013-07-31

Summary

Integer overflow in the NWFS.SYS kernel driver 4.91.5.8 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003 and the NCPL.SYS kernel driver in Novell Client 2 SP2 on Windows Vista and Windows Server 2008 and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 might allow local users to gain privileges via a crafted 0x1439EB IOCTL call.

Vulnerable Configurations

Part	Description	Count
Application	Novell Novell Client 4.91 Novell Client 2.0	3
OS	Microsoft Microsoft Windows 2003 Server * Microsoft Windows XP * Microsoft Windows Server 2008 - Microsoft Windows Server 2008 R2 Microsoft Windows Vista * Microsoft Windows 7 * Microsoft Windows 8 -	8

Common Weakness Enumeration (CWE)

CWE-189 - Numeric Errors

Nessus

NASL family	Windows
NASL id	NOVELL_CLIENT_PRIV_ESCALATION2.NASL
description	The version of Novell Client or Novell Client 2 installed on the remote Windows host is potentially affected by the following vulnerabilities : - An error exists related to
last seen	2020-06-01
modified	2020-06-02
plugin id	69557
published	2013-09-03
reporter	This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/69557
title	Novell Client / Client 2 Multiple Vulnerabilities

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References