0-days in Novell Client for Windows

If you are still using Novell Client for Windows, start looking for an alternative. At least 2 0-day exploits for the kernel driver have surfaced on the internet. eEye, the security firm, has documented the issues with the ids 20130510 and 20130522.

The first, 20130510 relates to the old Novell client 4.91 SP5 IR1 for windows xp/2003. The second, 20130522 concerns Novell CLient 2 SP3 for windows 7 and 8. Both exploits only offer attackers local code execution within the kernel, but that could be used by attackers to disguise a previous compromise as part of digging further into a system. So far, there are no patches or useful workarounds for either flaw.