Lucene search

K

[email protected]NVD:CVE-2010-3106

HistoryAug 23, 2010 - 10:00 p.m.

CVE-2010-3106

2010-08-2322:00:03

CWE-20

[email protected]

web.nvd.nist.gov

2

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

High

0.175 Low

EPSS

Percentile

96.1%

The ienipp.ocx ActiveX control in the browser plugin in Novell iPrint Client before 5.42 does not properly validate the debug parameter, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a parameter value with a crafted length, related to the ExecuteRequest method.

Affected configurations

NVD

Node

novelliprintRange≤5.40

OR

novelliprintMatch4.26

OR

novelliprintMatch4.27

OR

novelliprintMatch4.28

OR

novelliprintMatch4.30

OR

novelliprintMatch4.32

OR

novelliprintMatch4.34

OR

novelliprintMatch4.36

OR

novelliprintMatch4.38

OR

novelliprintMatch5.04

OR

novelliprintMatch5.12

OR

novelliprintMatch5.20b

OR

novelliprintMatch5.30

OR

novelliprintMatch5.32

References

download.novell.com/Download?buildid=ftwZBxEFjIg~

dvlabs.tippingpoint.com/advisory/TPTI-10-06

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12044

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

High

0.175 Low

EPSS

Percentile

96.1%

Related for NVD:CVE-2010-3106

packetstorm1 seebug2 metasploit1 exploitpack1 cvelist1 cve1 openvas4 prion1 exploitdb2 nessus1