SAINT CorporationSAINT:914DF751F34CE618863012838115F326Novell iPrint Client ActiveX Control GetDriverSettings buffer overflow
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
97.2%
Added: 11/24/2010
CVE: CVE-2010-4321
BID: 44966
OSVDB: 69357
Background
Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Client ActiveX control named **ienipp.ocx**.
Problem
A buffer overflow vulnerability in the Novell iPrint Client ActiveX control in version prior to 5.56, which allows command execution when a user loads a web page which calls the GetDriverSettings method with a specially crafted argument.
Resolution
Upgrade to iPrint Client 5.56 or later.
References
<http://www.zerodayinitiative.com/advisories/ZDI-10-256/>
<http://www.novell.com/support/viewContent.do?externalId=7007234>
Limitations
This exploit has been tested against Novell iPrint 5.52 and requires a user to load the exploit page in Internet Explorer 6 or 7.
Platforms
Windows
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
97.2%