CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
97.5%
Added: 09/16/2008
CVE: CVE-2008-2431
BID: 30813
OSVDB: 51684
Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint ActiveX control named **ienipp.ocx**
.
A buffer overflow vulnerability in the Novell iPrint ActiveX control allows command execution when a user loads a web page which calls the **GetDriverFile**
method with specially crafted arguments.
Upgrade to Novell iPrint client 5.06 or higher.
<http://secunia.com/secunia_research/2008-27/advisory/>
Exploit works on Novell iPrint Client 4.36.00 and requires a user to open the exploit page in Internet Explorer.
Windows