CVE-2007-5667
Novell Client 4.91 SP 1-4 - Privilege Escalation via NWFILTER.SYS IOCTL
Title source: llmDescription
NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, XP, and Server 2003 makes the \.\nwfilter device available for arbitrary user-mode input via METHOD_NEITHER IOCTLs, which allows local users to gain privileges by passing a kernel address as an argument and overwriting kernel memory locations.
References (8)
Core 8
Core References
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27678
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/38434
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1018943
Patch x_refsource_confirm
https://secure-support.novell.com/KanisaPlatform/Publishing/98/3260263_f.SAL_Public.html
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3846
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/26420
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/40867
Third Party Advisory third-party-advisory
x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=626
Scores
EPSS
0.0004
EPSS Percentile
10.7%
Details
CWE
CWE-20
Status
published
Products (1)
novell/client
4.91 sp1 (4 CPE variants)
Published
Nov 14, 2007
Tracked Since
Feb 18, 2026