Novell iPrint Client IPP Response URI handling buffer overflow

2013-07-05T00:00:00
ID SAINT:4287392BC3A35F68E6CEA3F547545815
Type saint
Reporter SAINT Corporation
Modified 2013-07-05T00:00:00

Description

Added: 07/05/2013
CVE: CVE-2013-1091
BID: 59612
OSVDB: 92938

Background

Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Control ActiveX control named **ienipp.ocx**.

Problem

A buffer overflow vulnerability within the handling of functions that take a URI as a parameter allows arbitrary command execution when a user loads a specially crafted web page.

Resolution

Apply the patch referenced in Novell knowledge base document 7012344.

References

<http://www.novell.com/support/kb/doc.php?id=7012344>
<http://www.zerodayinitiative.com/advisories/ZDI-13-096/>

Limitations

Exploit works on Novell iPrint Client 05.86.00 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn) and requires a user to load the exploit page in Internet Explorer 8.

The SAINTexploit host must be able to bind to port 631/tcp.

Platforms

Windows