This Metasploit module exploits a flaw in the nicm.sys driver to execute arbitrary code in kernel space. The vulnerability occurs while handling ioctl requests with code 0x143B6B, where a user provided pointer is used as function pointer. The module has been tested successfully on Windows 7 SP1 with Novell Client 2 SP3.
29e2599fa19955b4e378cc384fac89d22004319b161281a41dcdcb36beb3e0b5