CVE-2007-5667

CWE-20 — Improper Input Validation3 documents3 sources

Severity

7.2HIGH

EPSS

0.0%

top 89.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Novell Client

Timeline

PublishedNov 14

Latest updateMay 1

Description

NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, XP, and Server 2003 makes the \.\nwfilter device available for arbitrary user-mode input via METHOD_NEITHER IOCTLs, which allows local users to gain privileges by passing a kernel address as an argument and overwriting kernel memory locations.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDnovell/client4.91

Patches

Patch: secunia.com ↗Patch: secure-support.novell.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-c6gm-3h36-cg93: NWFILTER↗2022-05-01

▶

CVEList

CVE-2007-5667: NWFILTER↗2007-11-14

▶