CVE-2008-3158
published 2008-07-11CVE-2008-3158: Unspecified vulnerability in NWFS.SYS in Novell Client for Windows 4.91 SP4 has unknown impact and attack vectors, possibly related to IOCTL requests that…
PriorityP334medium6.9CVSS 2.0
AVLACMAuNCCICAC
EXPLOIT
EPSS
5.48%
91.8th percentile
Unspecified vulnerability in NWFS.SYS in Novell Client for Windows 4.91 SP4 has unknown impact and attack vectors, possibly related to IOCTL requests that overwrite arbitrary memory.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| novell | novell_client_for_windows | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Novell Client 4.91 SP4 - 'nwfs.sys' Local Privilege Escalation (Metasploit)
exploitdb·2013-06-24
CVE-2008-3158 Novell Client 4.91 SP4 - 'nwfs.sys' Local Privilege Escalation (Metasploit)
Novell Client 4.91 SP4 - 'nwfs.sys' Local Privilege Escalation (Metasploit)
---
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##
require 'msf/core'
require 'rex'
require 'msf/core/post/common'
require 'msf/core/post/windows/priv'
class Metasploit3 'Novell Client 4.91 SP4 nwfs.sys Local Privilege Escalation',
'Description' => %q{
This module exploits a flaw in the nwfs.sys driver to overwrite data in kernel
space. The corruption occurs while handling ioctl requests with code 0x1438BB,
where a 0x00000009 dword is written to an arbitrary address. An entry within the
HalDispatchTable is overwritten in orde
Metasploit
Novell Client 4.91 SP4 nwfs.sys Local Privilege Escalation
metasploit
Novell Client 4.91 SP4 nwfs.sys Local Privilege Escalation
Novell Client 4.91 SP4 nwfs.sys Local Privilege Escalation
This module exploits a flaw in the nwfs.sys driver to overwrite data in kernel space. The corruption occurs while handling ioctl requests with code 0x1438BB, where a 0x00000009 dword is written to an arbitrary address. An entry within the HalDispatchTable is overwritten in order to execute arbitrary code when NtQueryIntervalProfile is called. The module has been tested successfully on Windows XP SP3 with Novell Client 4.91 SP4.
No writeups or analysis indexed.
http://secunia.com/advisories/30904http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028543.htmlhttp://www.securityfocus.com/bid/30001http://www.securitytracker.com/id?1020385http://www.vupen.com/english/advisories/2008/1968/referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/43460http://secunia.com/advisories/30904http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028543.htmlhttp://www.securityfocus.com/bid/30001http://www.securitytracker.com/id?1020385http://www.vupen.com/english/advisories/2008/1968/referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/43460
2008-07-11
Published