CVE-2007-5762

Опубликовано: 09 янв. 2008

Источник: nvd

CVSS2: 7.2

EPSS Низкий

Описание

NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, allows local users to execute arbitrary code by opening the \.\nicm device and providing crafted kernel addresses via IOCTLs with the METHOD_NEITHER buffering mode.

Ссылки

http://download.novell.com/Download?buildid=4FmI89wOmg4~
Patch
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=637
Patch
http://secunia.com/advisories/28396
Vendor Advisory
http://www.securityfocus.com/bid/27209
Patch
http://www.securitytracker.com/id?1019172
http://www.vupen.com/english/advisories/2008/0088
https://exchange.xforce.ibmcloud.com/vulnerabilities/39576
http://download.novell.com/Download?buildid=4FmI89wOmg4~
Patch
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=637
Patch
http://secunia.com/advisories/28396
Vendor Advisory
http://www.securityfocus.com/bid/27209
Patch
http://www.securitytracker.com/id?1019172
http://www.vupen.com/english/advisories/2008/0088
https://exchange.xforce.ibmcloud.com/vulnerabilities/39576

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:novell:netware_client:4.91:sp4:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.00477

Низкий

7.2 High

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-jvm6-98cw-prpg

github

почти 4 года назад

NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, allows local users to execute arbitrary code by opening the \\.\nicm device and providing crafted kernel addresses via IOCTLs with the METHOD_NEITHER buffering mode.