Novell Client software provides NetWare connectivity to Windows platforms.
**nwspool.dll** library in Novell Client is affected by a buffer overflow in the
**EnumPrinters** function, allowing remote attackers to execute arbitrary commands by sending a specially crafted RPC request to the Spooler service.
Exploit works on Novell Client for Windows 4.91 SP4 with the 4.91 Post-SP2/3/4 nwspool.dll 1 patch.
In order for the exploit to succeed against Windows Server 2003 targets, a shared printer must be configured, the login and password of an account with administrator privileges must be provided, and the Crypt::DES, Digest::MD4, and Digest::MD5 PERL modules must be installed. These modules are available from <http://cpan.org/modules/by-module/>.
Windows Server 2003