Novell iPrint Client Browser Plugin embed Tag Parameter Buffer Overflow

2011-01-03T00:00:00
ID SAINT:9EB57D67B0EC0973B0B5D93BB2F34C0A
Type saint
Reporter SAINT Corporation
Modified 2011-01-03T00:00:00

Description

Added: 01/03/2011
CVE: CVE-2010-4314
BID: 45301
OSVDB: 66959

Background

Novell iPrint is an application which allows users to install and manage printers.

Problem

A buffer overflow vulnerability in Novell iPrint browser plugin allows command execution when a user loads a web page with an overly long parameter name passed via the **embed** tag.

Resolution

Upgrade to Novell iPrint Client 5.56.

References

<http://www.zerodayinitiative.com/advisories/ZDI-10-139/>

Limitations

Exploit works on Novell iPrint Client 5.40 and the user must open the exploit using Mozilla Firefox 3.x on the target.

Platforms

Windows