CVE-2008-3158

Novell Client for Windows 4.91 SP4 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-3158. PoCs published by Metasploit, Ruben Santamarta, juan vazquez, including Metasploit module exploits/windows/local/novell_client_nwfs.

AI-analyzed exploit summary This Metasploit module exploits a flaw in the nwfs.sys driver to overwrite kernel data via ioctl requests, enabling local privilege escalation by corrupting the HalDispatchTable and executing arbitrary code.

Description

Unspecified vulnerability in NWFS.SYS in Novell Client for Windows 4.91 SP4 has unknown impact and attack vectors, possibly related to IOCTL requests that overwrite arbitrary memory.

Exploits (2)

exploitdb WORKING POC
by Metasploit · rubylocalwindows
https://www.exploit-db.com/exploits/26418

This Metasploit module exploits a flaw in the nwfs.sys driver to overwrite kernel data via ioctl requests, enabling local privilege escalation by corrupting the HalDispatchTable and executing arbitrary code.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Novell Client 4.91 SP4 (nwfs.sys driver)
No auth needed
Prerequisites: Local access to a vulnerable Windows XP SP3 system with Novell Client 4.91 SP4 installed
devstral-2 · analyzed Feb 18, 2026 Full analysis →
metasploit WORKING POC NORMAL
by Ruben Santamarta, juan vazquez · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/novell_client_nwfs.rb

This Metasploit module exploits a flaw in the nwfs.sys driver to overwrite data in kernel space, allowing local privilege escalation on Windows XP SP3 with Novell Client 4.91 SP4. It uses an ioctl request to corrupt memory and overwrite the HalDispatchTable to execute arbitrary code.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Novell Client 4.91 SP4 (nwfs.sys driver)
No auth needed
Prerequisites: Local access to a vulnerable Windows XP SP3 system with Novell Client 4.91 SP4 installed
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43460
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1020385
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1968/references
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/30001
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30904

Scores

EPSS 0.0548
EPSS Percentile 91.7%

Details

CWE
CWE-264
Status published
Products (1)
novell/novell_client_for_windows 4.91_sp4
Published Jul 11, 2008
Tracked Since Feb 18, 2026