Added: 06/25/2008
CVE: CVE-2008-2908
BID: 29736
OSVDB: 46194
Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Control ActiveX control named **ienipp.ocx**
.
Multiple buffer overflow vulnerabilities in the Novell iPrint Client allow command execution when a user loads a web page which instantiates the Novell iPrint Control ActiveX control with specially crafted parameters.
Upgrade to Novell iPrint Client 4.36.
<http://www.kb.cert.org/vuls/id/145313>
<http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028061.html>
Exploit works on Novell iPrint Client 4.34 and requires a user to load the exploit page in Internet Explorer.
Windows