Novell iPrint Client ActiveX Control GetDriverSettings buffer overflow

2010-11-24T00:00:00
ID SAINT:178E04A58D26A0A97A29E12ECB1C6F4F
Type saint
Reporter SAINT Corporation
Modified 2010-11-24T00:00:00

Description

Added: 11/24/2010
CVE: CVE-2010-4321
BID: 44966
OSVDB: 69357

Background

Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Client ActiveX control named **ienipp.ocx**.

Problem

A buffer overflow vulnerability in the Novell iPrint Client ActiveX control in version prior to 5.56, which allows command execution when a user loads a web page which calls the GetDriverSettings method with a specially crafted argument.

Resolution

Upgrade to iPrint Client 5.56 or later.

References

<http://www.zerodayinitiative.com/advisories/ZDI-10-256/>
<http://www.novell.com/support/viewContent.do?externalId=7007234>

Limitations

This exploit has been tested against Novell iPrint 5.52 and requires a user to load the exploit page in Internet Explorer 6 or 7.

Platforms

Windows