CVE-2013-3956
Novell Client 2 SP3 - 'nicm.sys 3.1.11.0' Local Privilege Escalation
Severity Score
7.2
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
5
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003; Novell Client 2 SP2 on Windows Vista and Windows Server 2008; and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted 0x143B6B IOCTL call.
El controlador del kernel NICM.SYS 3.1.11.0 en Novell Client 4.91 SP5 sobre Windows XP and Windows Server 2003; Novell Client 2 SP2 sobre Windows Vista y Windows Server 2008; y Novell Client 2 SP3 sobre Windows Server 2008 R2, Windows 7, Windows 8, y Windows Server 2012, permite a usuarios locales obtener privilegio a través de una llamada 0x143B6B IOCTL manipulada.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-06-05 CVE Reserved
- 2013-06-26 First Exploit
- 2013-07-31 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-24 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (6)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/27191 | 2013-07-29 | |
| https://www.exploit-db.com/exploits/26452 | 2013-06-26 | |
| http://pastebin.com/GB4iiEwR | 2024-08-06 | |
| http://www.exploit-db.com/exploits/26452 | 2024-08-06 | |
| http://www.exploit-db.com/exploits/27191 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.novell.com/support/kb/doc.php?id=7012497 | 2013-08-22 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Novell Search vendor "Novell" | Client Search vendor "Novell" for product "Client" | 4.91 Search vendor "Novell" for product "Client" and version "4.91" | sp5 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server" | * | - |
Safe
|
| Novell Search vendor "Novell" | Client Search vendor "Novell" for product "Client" | 4.91 Search vendor "Novell" for product "Client" and version "4.91" | sp5 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | - |
Safe
|
| Novell Search vendor "Novell" | Client Search vendor "Novell" for product "Client" | 2.0 Search vendor "Novell" for product "Client" and version "2.0" | sp2 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | - | - |
Safe
|
| Novell Search vendor "Novell" | Client Search vendor "Novell" for product "Client" | 2.0 Search vendor "Novell" for product "Client" and version "2.0" | sp2 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | * | - |
Safe
|
| Novell Search vendor "Novell" | Client Search vendor "Novell" for product "Client" | 2.0 Search vendor "Novell" for product "Client" and version "2.0" | sp3 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 7 Search vendor "Microsoft" for product "Windows 7" | * | - |
Safe
|
| Novell Search vendor "Novell" | Client Search vendor "Novell" for product "Client" | 2.0 Search vendor "Novell" for product "Client" and version "2.0" | sp3 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 8 Search vendor "Microsoft" for product "Windows 8" | - | x64 |
Safe
|
| Novell Search vendor "Novell" | Client Search vendor "Novell" for product "Client" | 2.0 Search vendor "Novell" for product "Client" and version "2.0" | sp3 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 8 Search vendor "Microsoft" for product "Windows 8" | - | x86 |
Safe
|
| Novell Search vendor "Novell" | Client Search vendor "Novell" for product "Client" | 2.0 Search vendor "Novell" for product "Client" and version "2.0" | sp3 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | r2 Search vendor "Microsoft" for product "Windows Server 2008" and version "r2" | - |
Safe
|