7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.928 High
EPSS
Percentile
98.8%
Added: 12/01/2006
CVE: CVE-2006-5854
BID: 21220
OSVDB: 30547
Novell Client software provides NetWare connectivity to Windows platforms.
The **nwspool.dll**
library in Novell Client is affected by buffer overflows in the **EnumPrinters**
and **OpenPrinter**
functions, allowing remote attackers to execute arbitrary commands by sending a specially crafted RPC request to the Spooler service.
Apply **491psp3_nwspool.exe**
. Patches are available from Novell.
<http://www.securityfocus.com/archive/1/453012>
[http://www.novell.com/support/search.do?cmd=displayKC&externalId=3125538&sliceId=SAL_Public ](<http://www.novell.com/support/search.do?cmd=displayKC&externalId=3125538&sliceId=SAL_Public
>)
Exploit works on Novell Client 4.91 SP3 on Windows 2000.
Windows