10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.854 High
EPSS
Percentile
98.2%
Added: 08/10/2012
CVE: CVE-2011-4187
BID: 51926
OSVDB: 78955
Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Client ActiveX control named **ienipp.ocx**
.
Novell iPrint Client before 5.78 on Windows is vulnerable to a stack buffer overflow as a result of improper verification of a user-supplied realm parameter. The flaw exists within the exposed **GetDriverSettings**
method in the **nipplib.dll**
component imported by **ienipp.ocx**
. A remote attacker who persuades a user to visit a malicious web page with a specially crafted realm argument could exploit this vulnerability to execute arbitrary code in the context of the user.
Upgrade to iPrint Client for Windows 5.78 or later.
<http://www.zerodayinitiative.com/advisories/ZDI-12-102/>
<http://www.novell.com/support/viewContent.do?externalId=7010143>
This exploit has been tested against Novell iPrint Client 5.74 on Windows XP SP3 English (DEP OptIn).
The user must open the exploit page in Internet Explorer 8.
Windows