← All drivers
vulnerable
Driver

nicm.sys

Novell Client kernel driver

From Novell (now OpenText)
Part of the Novell family
Status
On a known-vulnerable list
Known variants
3 distinct hashes
Public CVEs
1
Field notes

nicm.sys is a kernel driver from the Novell Client, used in enterprise environments that ran Novell NetWare or eDirectory file-and-print services. CVE-2013-3956 documented a local privilege escalation through the driver: a specially-formed IOCTL request supplies a user-mode pointer that the driver calls as a function pointer, giving arbitrary kernel-mode code execution to any local user.

Why it persists on the catalog: although the supported Novell Client has been updated, older signed versions still load on modern Windows. The driver is not part of a typical gaming PC; its appearance normally traces back to a previous enterprise deployment.

If you find it on a personal system you do not recognize, uninstall the Novell Client through Windows' Apps & features.

What the record shows

nicm.sys is listed as a known-vulnerable driver on the public LOLDrivers project. 3 distinct binary hashes matching this filename are on record, meaning multiple versions of the file have been observed.

Public CVEs
What this means, plainly
Presence is not proof of misuse. Driver files on the LOLDrivers list commonly ship with legitimate hardware tools, gaming software, or vendor utilities. Their presence is recorded as evidence on a record. It is never treated as a verdict about a person.
Related drivers

Other drivers in the Novell family. See the whole family →

Source

Status data comes from the public LOLDrivers project, a community-curated registry of drivers known to be vulnerable or malicious. The snapshot Vera uses was refreshed July 10, 2026. CVE links go to the NIST National Vulnerability Database.

Cite this entry

Vera Project. “nicm.sys.” Vera Field Guide (Driver). The Vera Project. https://www.veraproject.xyz/field-guide/drivers/nicm-sys