CVE-2013-3697

Published: Jul 31, 2013Modified: Apr 29, 2026

7.2

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 3.9 / Impact: 10.0

Source: NVD

Description

Integer overflow in the NWFS.SYS kernel driver 4.91.5.8 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003 and the NCPL.SYS kernel driver in Novell Client 2 SP2 on Windows Vista and Windows Server 2008 and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 might allow local users to gain privileges via a crafted 0x1439EB IOCTL call.

Affected (3)

Products: Novell: Client

Novell

1 product

Client

Configuration A

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Novell Client	Version 4.91 sp5

Running on/with	Platform Versions
Microsoft Windows 2003 Server	All versions
Microsoft Windows Xp	All versions

Configuration B

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Novell Client	Version 2.0 sp2

Running on/with	Platform Versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Vista	All versions

Configuration C

1 vulnerable · 4 platform

Vulnerable Software	Affected Versions
Novell Client	Version 2.0 sp3

Running on/with	Platform Versions
Microsoft Windows 7	All versions
Microsoft Windows 8	All versions
Microsoft Windows 8	All versions
Microsoft Windows Server 2008	Version r2

Related CWEs

CWE-189

References (4)

http://pastebin.com/RcS2Bucg

Source: cve@mitre.org

Exploit

http://www.novell.com/support/kb/doc.php?id=7012497

Source: cve@mitre.org

Vendor Advisory

http://pastebin.com/RcS2Bucg

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.novell.com/support/kb/doc.php?id=7012497

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.