CVE-2007-5762

EPSS 0.48%
Published 09.01.2008 22:46:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, allows local users to execute arbitrary code by opening the \\.\nicm device and providing crafted kernel addresses via IOCTLs with the METHOD_NEITHER buffering mode.

Affected products Warnungen 0 Metrics 2 CWE 1 References 10

Data is provided by the National Vulnerability Database (NVD)

Novell ≫ Netware Client Version4.91 Updatesp4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.48%	0.64

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://download.novell.com/Download?buildid=4FmI89wOmg4~

Patch

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=637

Patch

http://secunia.com/advisories/28396

Vendor Advisory

http://www.securityfocus.com/bid/27209

Patch

http://www.securitytracker.com/id?1019172

http://www.vupen.com/english/advisories/2008/0088

https://exchange.xforce.ibmcloud.com/vulnerabilities/39576

https://nvd.nist.gov/vuln/detail/CVE-2007-5762

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-5762

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-5762

EUVD