// For flags

CVE-2007-5762

Novell Client 4.91 SP4 - Local Privilege Escalation

Severity Score

7.2
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, allows local users to execute arbitrary code by opening the \\.
icm device and providing crafted kernel addresses via IOCTLs with the METHOD_NEITHER buffering mode.

El controlador NICM.SYS 3.0.0.4, como el utilizado en Novell NetWare Client 4.91 SP4, permite a usuarios locales ejecutar código de su elección abriendo el dispositivo \\.
icm y proporcionando direcciones del núcleo manipuladas mediante IOCTLs con modo de uso de búfer METHOD_NEITHER.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-10-31 CVE Reserved
  • 2008-01-09 CVE Published
  • 2012-05-22 First Exploit
  • 2023-03-08 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Novell
Search vendor "Novell"
Netware Client
Search vendor "Novell" for product "Netware Client"
4.91
Search vendor "Novell" for product "Netware Client" and version "4.91"
sp4
Affected