SAINT CorporationSAINT:5AF2D008AC391D799DC104DC055B5F82Novell iPrint Client ienipp.ocx ActiveX control buffer overflow
0.41 Medium
EPSS
Percentile
97.3%
Added: 06/25/2008
CVE: CVE-2008-2908
BID: 29736
OSVDB: 46194
Background
Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Control ActiveX control named **ienipp.ocx**.
Problem
Multiple buffer overflow vulnerabilities in the Novell iPrint Client allow command execution when a user loads a web page which instantiates the Novell iPrint Control ActiveX control with specially crafted parameters.
Resolution
Upgrade to Novell iPrint Client 4.36.
References
<http://www.kb.cert.org/vuls/id/145313>
<http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028061.html>
Limitations
Exploit works on Novell iPrint Client 4.34 and requires a user to load the exploit page in Internet Explorer.
Platforms
Windows
Related
