Vulnerability Details : CVE-2008-3158
Public exploit exists!
Unspecified vulnerability in NWFS.SYS in Novell Client for Windows 4.91 SP4 has unknown impact and attack vectors, possibly related to IOCTL requests that overwrite arbitrary memory.
Products affected by CVE-2008-3158
- cpe:2.3:a:novell:novell_client_for_windows:4.91_sp4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-3158
0.12%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 47 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2008-3158
-
Novell Client 4.91 SP4 nwfs.sys Local Privilege Escalation
Disclosure Date: 2008-06-26First seen: 2020-04-26exploit/windows/local/novell_client_nwfsThis module exploits a flaw in the nwfs.sys driver to overwrite data in kernel space. The corruption occurs while handling ioctl requests with code 0x1438BB, where a 0x00000009 dword is written to an arbitrary address. An entry within the HalDispatchT
CVSS scores for CVE-2008-3158
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.9
|
MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
3.4
|
10.0
|
NIST |
CWE ids for CVE-2008-3158
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-3158
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/43460
-
http://www.securityfocus.com/bid/30001
Novell Client 'NWFS.SYS' IOCTL Request Local Privilege Escalation Vulnerability
-
http://www.securitytracker.com/id?1020385
-
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028543.html
Patch
-
http://www.vupen.com/english/advisories/2008/1968/references
Jump to