Vulnerability Description
The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003; Novell Client 2 SP2 on Windows Vista and Windows Server 2008; and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted 0x143B6B IOCTL call.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Novell | Client | 4.91 |
| Microsoft | Windows 2003 Server | All versions |
| Microsoft | Windows Xp | All versions |
| Microsoft | Windows Server 2008 | - |
| Microsoft | Windows Vista | All versions |
| Microsoft | Windows 7 | All versions |
| Microsoft | Windows 8 | - |
Related Weaknesses (CWE)
References
- http://pastebin.com/GB4iiEwRExploit
- http://www.exploit-db.com/exploits/26452
- http://www.exploit-db.com/exploits/27191
- http://www.novell.com/support/kb/doc.php?id=7012497Vendor Advisory
- http://pastebin.com/GB4iiEwRExploit
- http://www.exploit-db.com/exploits/26452
- http://www.exploit-db.com/exploits/27191
- http://www.novell.com/support/kb/doc.php?id=7012497Vendor Advisory
FAQ
What is CVE-2013-3956?
CVE-2013-3956 is a vulnerability with a CVSS score of 7.2 (HIGH). The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003; Novell Client 2 SP2 on Windows Vista and Windows Server 2008; and Novell Client 2 SP3 on Windows Se...
How severe is CVE-2013-3956?
CVE-2013-3956 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-3956?
Check the references section above for vendor advisories and patch information. Affected products include: Novell Client, Microsoft Windows 2003 Server, Microsoft Windows Xp, Microsoft Windows Server 2008, Microsoft Windows Vista.