// For flags

CVE-2013-3956

Novell Client 2 SP3 - 'nicm.sys 3.1.11.0' Local Privilege Escalation

Severity Score

7.2
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

5
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003; Novell Client 2 SP2 on Windows Vista and Windows Server 2008; and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted 0x143B6B IOCTL call.

El controlador del kernel NICM.SYS 3.1.11.0 en Novell Client 4.91 SP5 sobre Windows XP and Windows Server 2003; Novell Client 2 SP2 sobre Windows Vista y Windows Server 2008; y Novell Client 2 SP3 sobre Windows Server 2008 R2, Windows 7, Windows 8, y Windows Server 2012, permite a usuarios locales obtener privilegio a través de una llamada 0x143B6B IOCTL manipulada.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2013-06-05 CVE Reserved
  • 2013-06-26 First Exploit
  • 2013-07-31 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-08-24 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Novell
Search vendor "Novell"
Client
Search vendor "Novell" for product "Client"
4.91
Search vendor "Novell" for product "Client" and version "4.91"
sp5
Affected
in Microsoft
Search vendor "Microsoft"
Windows 2003 Server
Search vendor "Microsoft" for product "Windows 2003 Server"
*-
Safe
Novell
Search vendor "Novell"
Client
Search vendor "Novell" for product "Client"
4.91
Search vendor "Novell" for product "Client" and version "4.91"
sp5
Affected
in Microsoft
Search vendor "Microsoft"
Windows Xp
Search vendor "Microsoft" for product "Windows Xp"
*-
Safe
Novell
Search vendor "Novell"
Client
Search vendor "Novell" for product "Client"
2.0
Search vendor "Novell" for product "Client" and version "2.0"
sp2
Affected
in Microsoft
Search vendor "Microsoft"
Windows Server 2008
Search vendor "Microsoft" for product "Windows Server 2008"
--
Safe
Novell
Search vendor "Novell"
Client
Search vendor "Novell" for product "Client"
2.0
Search vendor "Novell" for product "Client" and version "2.0"
sp2
Affected
in Microsoft
Search vendor "Microsoft"
Windows Vista
Search vendor "Microsoft" for product "Windows Vista"
*-
Safe
Novell
Search vendor "Novell"
Client
Search vendor "Novell" for product "Client"
2.0
Search vendor "Novell" for product "Client" and version "2.0"
sp3
Affected
in Microsoft
Search vendor "Microsoft"
Windows 7
Search vendor "Microsoft" for product "Windows 7"
*-
Safe
Novell
Search vendor "Novell"
Client
Search vendor "Novell" for product "Client"
2.0
Search vendor "Novell" for product "Client" and version "2.0"
sp3
Affected
in Microsoft
Search vendor "Microsoft"
Windows 8
Search vendor "Microsoft" for product "Windows 8"
-x64
Safe
Novell
Search vendor "Novell"
Client
Search vendor "Novell" for product "Client"
2.0
Search vendor "Novell" for product "Client" and version "2.0"
sp3
Affected
in Microsoft
Search vendor "Microsoft"
Windows 8
Search vendor "Microsoft" for product "Windows 8"
-x86
Safe
Novell
Search vendor "Novell"
Client
Search vendor "Novell" for product "Client"
2.0
Search vendor "Novell" for product "Client" and version "2.0"
sp3
Affected
in Microsoft
Search vendor "Microsoft"
Windows Server 2008
Search vendor "Microsoft" for product "Windows Server 2008"
r2
Search vendor "Microsoft" for product "Windows Server 2008" and version "r2"
-
Safe