{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-11-13T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, XP, and Server 2003 makes the \\.\\nwfilter device available for arbitrary user-mode input via METHOD_NEITHER IOCTLs, which allows local users to gain privileges by passing a kernel address as an argument and overwriting kernel memory locations."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "27678", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27678"}, {"name": "novell-client-nwfilter-privilege-escalation(38434)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38434"}, {"name": "1018943", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018943"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/98/3260263_f.SAL_Public.html"}, {"name": "ADV-2007-3846", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3846"}, {"name": "26420", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26420"}, {"name": "40867", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/40867"}, {"name": "20071112 Novell NetWare Client NWFILTER.SYS Local Privilege Escalation Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=626"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5667", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, XP, and Server 2003 makes the \\.\\nwfilter device available for arbitrary user-mode input via METHOD_NEITHER IOCTLs, which allows local users to gain privileges by passing a kernel address as an argument and overwriting kernel memory locations."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "27678", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27678"}, {"name": "novell-client-nwfilter-privilege-escalation(38434)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38434"}, {"name": "1018943", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018943"}, {"name": "https://secure-support.novell.com/KanisaPlatform/Publishing/98/3260263_f.SAL_Public.html", "refsource": "CONFIRM", "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/98/3260263_f.SAL_Public.html"}, {"name": "ADV-2007-3846", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3846"}, {"name": "26420", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26420"}, {"name": "40867", "refsource": "OSVDB", "url": "http://osvdb.org/40867"}, {"name": "20071112 Novell NetWare Client NWFILTER.SYS Local Privilege Escalation Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=626"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:39:13.709Z"}, "title": "CVE Program Container", "references": [{"name": "27678", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27678"}, {"name": "novell-client-nwfilter-privilege-escalation(38434)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38434"}, {"name": "1018943", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1018943"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/98/3260263_f.SAL_Public.html"}, {"name": "ADV-2007-3846", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/3846"}, {"name": "26420", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/26420"}, {"name": "40867", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/40867"}, {"name": "20071112 Novell NetWare Client NWFILTER.SYS Local Privilege Escalation Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE", "x_transferred"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=626"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5667", "datePublished": "2007-11-14T01:00:00.000Z", "dateReserved": "2007-10-23T00:00:00.000Z", "dateUpdated": "2024-08-07T15:39:13.709Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:adv_srv:*:*:*:*:*", "matchCriteriaId": "4A894A39-8BB4-4923-B4CD-1CB93703B428", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:datacenter_srv:*:*:*:*:*", "matchCriteriaId": "C3822450-7A42-45DD-A172-E964409C5BB7", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:pro:*:*:*:*:*", "matchCriteriaId": "26CF0F23-E9B6-415F-868A-C883EF11F389", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:srv:*:*:*:*:*", "matchCriteriaId": "09C3156A-9DCF-4217-A5AC-9D3A5654CAC1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:srv:ja:*:*:*:*", "matchCriteriaId": "64546AE1-1691-4BAF-B2C9-6698F3FFDF87", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_2000:-:*:*:*:*:*:*:*", "matchCriteriaId": "685F1981-EA61-4A00-89F8-A748A88962F8", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:itanium:*:*:*:*:*", "matchCriteriaId": "580632FB-7EB8-4DC6-A372-742D4523BF79", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:std:*:*:*:*:*", "matchCriteriaId": "9562EC45-0F28-4E4D-AA16-7E34241F26B5", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:wed:*:*:*:*:*", "matchCriteriaId": "1DA5F012-9457-4562-B50C-2C674008B494", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*", "matchCriteriaId": "CD264C73-360E-414D-BE22-192F92E5A0A3", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:x64-std:*:*:*:*:*", "matchCriteriaId": "4EF7C885-1142-477C-9AA2-5068EB9EFE82", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:xp-64bit:*:*:*:*:*", "matchCriteriaId": "5B5D0781-714B-4BE8-B74A-3A2CBC58F604", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "EAA86830-BEA8-4943-83EA-C267FA534223", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*", "matchCriteriaId": "31A64C69-D182-4BEC-BA8A-7B405F5B2FC0", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:64bit:*:*:*:*:*", "matchCriteriaId": "40DCD873-93E3-403A-8446-65F7E1B4FAD8", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:embedded:*:*:*:*:*", "matchCriteriaId": "B95B2BE4-B4E0-4B77-9999-53B9224F5CB1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:ibm_oem:*:*:*:*:*", "matchCriteriaId": "81A690FA-1808-4E4F-8CBC-75FB5358D439", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*", "matchCriteriaId": "403945FA-8676-4D98-B903-48452B46F48F", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:pro:*:*:*:*:*", "matchCriteriaId": "19DA594E-B495-4C5D-BC94-79582D3983C9", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:tablet_pc:*:*:*:*:*", "matchCriteriaId": "E4707F3F-F79E-4085-A81B-569204B7B1DB", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:x64:*:*:*:*:*", "matchCriteriaId": "ACF75FC8-095A-4EEA-9A41-C27CFF3953FB", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:*", "matchCriteriaId": "B47EBFCC-1828-45AB-BC6D-FB980929A81A", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:novell:client:4.91:sp1:*:*:*:*:*:*", "matchCriteriaId": "E98A16C1-2026-4C53-B22E-51F07028DCB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:client:4.91:sp2:*:*:*:*:*:*", "matchCriteriaId": "78A17422-1FFE-4942-A6F1-01F99E4D42F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:client:4.91:sp3:*:*:*:*:*:*", "matchCriteriaId": "F0CBDEB2-98CF-4C6A-A45A-F5B61803E449", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:client:4.91:sp4:*:*:*:*:*:*", "matchCriteriaId": "EDDFB0E9-EF4C-4E9E-9369-453AF2A8481F", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, XP, and Server 2003 makes the \\.\\nwfilter device available for arbitrary user-mode input via METHOD_NEITHER IOCTLs, which allows local users to gain privileges by passing a kernel address as an argument and overwriting kernel memory locations."}, {"lang": "es", "value": "NWFILTER.SYS en Novell Client 4.91 SP 1 hasta el SP 4 para Windows 2000, XP, y Server 2003 toma el dispositivo disponible \\.\\nwfilter para entradas METHOD_NEITHER IOCTLs en modo usuario de su elecci\u00f3n, lo cual permite a usuarios locales ganar privilegios pasando la direcci\u00f3n del n\u00facleo como un argumento y sobrescribiendo localizaciones de la memoria del n\u00facleo."}], "id": "CVE-2007-5667", "lastModified": "2026-04-23T00:35:47.467", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-11-14T01:46:00.000", "references": [{"source": "cve@mitre.org", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=626"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/40867"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/27678"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/26420"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018943"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3846"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38434"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/98/3260263_f.SAL_Public.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=626"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/40867"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/27678"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/26420"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1018943"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/3846"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38434"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/98/3260263_f.SAL_Public.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}