Vulnerability Description
Integer overflow in the NWFS.SYS kernel driver 4.91.5.8 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003 and the NCPL.SYS kernel driver in Novell Client 2 SP2 on Windows Vista and Windows Server 2008 and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 might allow local users to gain privileges via a crafted 0x1439EB IOCTL call.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Novell | Client | 4.91 |
| Microsoft | Windows 2003 Server | All versions |
| Microsoft | Windows Xp | All versions |
| Microsoft | Windows Server 2008 | - |
| Microsoft | Windows Vista | All versions |
| Microsoft | Windows 7 | All versions |
| Microsoft | Windows 8 | - |
Related Weaknesses (CWE)
References
- http://pastebin.com/RcS2BucgExploit
- http://www.novell.com/support/kb/doc.php?id=7012497Vendor Advisory
- http://pastebin.com/RcS2BucgExploit
- http://www.novell.com/support/kb/doc.php?id=7012497Vendor Advisory
FAQ
What is CVE-2013-3697?
CVE-2013-3697 is a vulnerability with a CVSS score of 7.2 (HIGH). Integer overflow in the NWFS.SYS kernel driver 4.91.5.8 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003 and the NCPL.SYS kernel driver in Novell Client 2 SP2 on Windows Vista and Windo...
How severe is CVE-2013-3697?
CVE-2013-3697 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-3697?
Check the references section above for vendor advisories and patch information. Affected products include: Novell Client, Microsoft Windows 2003 Server, Microsoft Windows Xp, Microsoft Windows Server 2008, Microsoft Windows Vista.