CVE-2007-5667

CVSS V2 High 7.2 CVSS V3 None
Description
NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, XP, and Server 2003 makes the \.\nwfilter device available for arbitrary user-mode input via METHOD_NEITHER IOCTLs, which allows local users to gain privileges by passing a kernel address as an argument and overwriting kernel memory locations.
Overview
  • CVE ID
  • CVE-2007-5667
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2007-11-14T01:46:00
  • Last Modified Date
  • 2021-07-07T16:09:50
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:microsoft:windows_2000:*:*:adv_srv:*:*:*:*:* 0 OR
cpe:2.3:o:microsoft:windows_2000:*:*:datacenter_srv:*:*:*:*:* 0 OR
cpe:2.3:o:microsoft:windows_2000:*:*:pro:*:*:*:*:* 0 OR
cpe:2.3:o:microsoft:windows_2000:*:*:srv:*:*:*:*:* 0 OR
cpe:2.3:o:microsoft:windows_2000:*:*:srv:ja:*:*:*:* 0 OR
cpe:2.3:o:microsoft:windows_2000:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:microsoft:windows_2003_server:*:*:itanium:*:*:*:*:* 0 OR
cpe:2.3:o:microsoft:windows_2003_server:*:*:std:*:*:*:*:* 0 OR
cpe:2.3:o:microsoft:windows_2003_server:*:*:wed:*:*:*:*:* 0 OR
cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:* 0 OR
cpe:2.3:o:microsoft:windows_2003_server:*:*:x64-std:*:*:*:*:* 0 OR
cpe:2.3:o:microsoft:windows_2003_server:*:*:xp-64bit:*:*:*:*:* 0 OR
cpe:2.3:o:microsoft:windows_2003_server:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:microsoft:windows_xp:*:*:64bit:*:*:*:*:* 0 OR
cpe:2.3:o:microsoft:windows_xp:*:*:embedded:*:*:*:*:* 0 OR
cpe:2.3:o:microsoft:windows_xp:*:*:ibm_oem:*:*:*:*:* 0 OR
cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:* 0 OR
cpe:2.3:o:microsoft:windows_xp:*:*:pro:*:*:*:*:* 0 OR
cpe:2.3:o:microsoft:windows_xp:*:*:tablet_pc:*:*:*:*:* 0 OR
cpe:2.3:o:microsoft:windows_xp:*:*:x64:*:*:*:*:* 0 OR
cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:a:novell:client:4.91:sp1:*:*:*:*:*:* 1 OR
cpe:2.3:a:novell:client:4.91:sp2:*:*:*:*:*:* 1 OR
cpe:2.3:a:novell:client:4.91:sp3:*:*:*:*:*:* 1 OR
cpe:2.3:a:novell:client:4.91:sp4:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:L/AC:L/Au:N/C:C/I:C/A:C
  • Access Vector
  • LOCAL
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • COMPLETE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 7.2
  • Severity
  • HIGH
  • Exploitability Score
  • 3.9
  • Impact Score
  • 10
History
Created Old Value New Value Data Type Notes
2022-05-10 07:08:35 Added to TrackCVE