The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003; Novell Client 2 SP2 on Windows Vista and Windows Server 2008; and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted 0x143B6B IOCTL call.
Published 2013-07-31 13:20:29
Updated 2013-08-22 06:54:10
Source MITRE
View at NVD,   CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2013-3956

Probability of exploitation activity in the next 30 days: 0.46%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 75 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2013-3956

  • Novell Client 2 SP3 nicm.sys Local Privilege Escalation
    Disclosure Date: 2013-05-22
    First seen: 2020-04-26
    exploit/windows/local/novell_client_nicm
    This module exploits a flaw in the nicm.sys driver to execute arbitrary code in kernel space. The vulnerability occurs while handling ioctl requests with code 0x143B6B, where a user provided pointer is used as function pointer. The module has been tes

CVSS scores for CVE-2013-3956

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source
7.2
HIGH AV:L/AC:L/Au:N/C:C/I:C/A:C
3.9
10.0
NIST

CWE ids for CVE-2013-3956

  • Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-3956

Products affected by CVE-2013-3956

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!