Lucene search

K
saintSAINT CorporationSAINT:603BCDBDAE7591B8D1439474064CD1BC
HistorySep 08, 2008 - 12:00 a.m.

Novell iPrint Client nipplib.dll ActiveX buffer overflow

2008-09-0800:00:00
SAINT Corporation
www.saintcorporation.com
8

0.226 Low

EPSS

Percentile

96.0%

Added: 09/08/2008
CVE: CVE-2008-2436
BID: 30986
OSVDB: 47897

Background

Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Control ActiveX control named **ienipp.ocx**.

Problem

A buffer overflow vulnerability in the **IppCreateServerRef** method in the **nipplib.dll** library used by the Novell iPrint ActiveX control allows command execution when a user opens a specially crafted web page.

Resolution

Upgrade to version 4.38 or version 5.08 or higher.

References

<http://secunia.com/secunia_research/2008-33/advisory/&gt;

Limitations

Exploit works on Novell iPrint Client 4.26.00 and requires a user to open the exploit page in Internet Explorer.

Platforms

Windows

0.226 Low

EPSS

Percentile

96.0%

Related for SAINT:603BCDBDAE7591B8D1439474064CD1BC