SAINT Corporation
SAINT:74A8FCB941C13CC991FF41C5E9CCF055
Jan 12, 2010 - 12:00 a.m.

Novell iPrint Client ienipp.ocx target-frame buffer overflow

download.saintcorporation.com

CVSS2: 9.3 High
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.95 High
Percentile: 99.3%

Added: 01/12/2010
CVE: CVE-2009-1568
BID: 37242
OSVDB: 60803

Background

Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Control ActiveX control named **ienipp.ocx**.

Problem

A buffer overflow in **ienipp.ocx** allows command execution when a user opens a specially crafted page which invokes the Novell iPrint Client ActiveX control with a specially crafted target-frame parameter.

Resolution

Upgrade to iPrint Client version 5.3.2 or higher.

References

<http://secunia.com/secunia_research/2009-40/>

Limitations

Exploit works on Novell iPrint Client 5.30.00.

Platforms

Windows XP
