SAINT CorporationSAINT:0721D7895A29740CE3C902DF71F560F8Novell iPrint Client GetDriverSettings Realm Parameter Stack Buffer Overflow
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.854 High
EPSS
Percentile
98.2%
Added: 08/10/2012
CVE: CVE-2011-4187
BID: 51926
OSVDB: 78955
Background
Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Client ActiveX control named **ienipp.ocx**.
Problem
Novell iPrint Client before 5.78 on Windows is vulnerable to a stack buffer overflow as a result of improper verification of a user-supplied realm parameter. The flaw exists within the exposed **GetDriverSettings** method in the **nipplib.dll** component imported by **ienipp.ocx**. A remote attacker who persuades a user to visit a malicious web page with a specially crafted realm argument could exploit this vulnerability to execute arbitrary code in the context of the user.
Resolution
Upgrade to iPrint Client for Windows 5.78 or later.
References
<http://www.zerodayinitiative.com/advisories/ZDI-12-102/>
<http://www.novell.com/support/viewContent.do?externalId=7010143>
Limitations
This exploit has been tested against Novell iPrint Client 5.74 on Windows XP SP3 English (DEP OptIn).
The user must open the exploit page in Internet Explorer 8.
Platforms
Windows
Related
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.854 High
EPSS
Percentile
98.2%