SAINT CorporationSAINT:39FC10E29905EE62B00269ED0CD7BCA4Novell iPrint Client nipplib.dll ActiveX buffer overflow
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.226 Low
EPSS
Percentile
96.0%
Added: 09/08/2008
CVE: CVE-2008-2436
BID: 30986
OSVDB: 47897
Background
Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Control ActiveX control named **ienipp.ocx**.
Problem
A buffer overflow vulnerability in the **IppCreateServerRef** method in the **nipplib.dll** library used by the Novell iPrint ActiveX control allows command execution when a user opens a specially crafted web page.
Resolution
Upgrade to version 4.38 or version 5.08 or higher.
References
<http://secunia.com/secunia_research/2008-33/advisory/>
Limitations
Exploit works on Novell iPrint Client 4.26.00 and requires a user to open the exploit page in Internet Explorer.
Platforms
Windows
Related
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.226 Low
EPSS
Percentile
96.0%