Environment
Novell Client for Windows 2000/XP/2003 4.91 Support Pack 3
Novell Client for Windows 2000/XP/2003 4.91 Support Pack 4
Novell Client for Windows 2000/XP/2003 4.91 Support Pack 4
Situation
Local exploitation of an input validation error vulnerability within NICM.SYS could allow an unprivileged attacker to execute arbitrary code within the kernel. In order to exploit the vulnerability, an attacker would need to first log in and must then be able to execute a specially-crafted executable.
Resolution
Download and install the following patch file for the Novell Client for Windows XP/2003 SP3 and SP4:
Title: Novell Client 4.91 Post-SP3/4 NICM.SYS
Filename: 491psp3_4_nicm.zip
Readme: https://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5007683.html
Title: Novell Client 4.91 Post-SP3/4 NICM.SYS
Filename: 491psp3_4_nicm.zip
Readme: https://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5007683.html
Status
Security AlertAdditional Information
CVE-2007-5762, found by Stephen Fewer of Harmony Security (www.harmonysecurity.com) working with the VeriSign iDefense VCP.