Source: SAINT Corporation
ID: SAINT:98EC5383E7D8D38B5A15C94C3F18A4F8
Published: Sep 16, 2008 - 12:00 a.m.

Novell iPrint ActiveX control GetDriverFile buffer overflow

download.saintcorporation.com

CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
CVSS2 vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.471 Medium
Percentile: 97.1%

Added: 09/16/2008
CVE: CVE-2008-2431
BID: 30813
OSVDB: 51684

Background

Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint ActiveX control named **ienipp.ocx**.

Problem

A buffer overflow vulnerability in the Novell iPrint ActiveX control allows command execution when a user loads a web page which calls the **GetDriverFile** method with specially crafted arguments.

Resolution

Upgrade to Novell iPrint client 5.06 or higher.

References

<http://secunia.com/secunia_research/2008-27/advisory/>

Limitations

The exploit works on Novell iPrint Client 4.36.00 and requires a user to open the exploit page in Internet Explorer.

Platforms

Windows
