SAINT Corporation, SAINT:6AEBC4DDC89671A50D70B7D1D8AE9910
Aug 25, 2010 - 12:00 a.m.

Novell iPrint Client ActiveX control call-back-url buffer overflow

2010-08-25 00:00:00
SAINT Corporation
my.saintcorporation.com

CVSS2: 9.3
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.946
Percentile: 99.3%

Added: 08/25/2010
CVE: CVE-2010-1527
BID: 42576

Background

Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Control ActiveX control named **ienipp.ocx**.

Problem

A buffer overflow vulnerability allows command execution when a user loads a web page which invokes the Novell iPrint Client ActiveX Control with a long, specially crafted call-back-url parameter.

Resolution

Upgrade to Novell iPrint Client 5.44.

References

<http://www.novell.com/support/viewContent.do?externalId=7006679>
<http://secunia.com/secunia_research/2010-104/>

Limitations

Exploit works on Novell iPrint Client 5.42 and requires a user to open the exploit page in Internet Explorer 6 or 7.

Platforms

Windows
