SAINT Corporation, SAINT:BBFA0128A25A26E9D2873154BAF806C6
Jan 28, 2010 - 12:00 a.m.

Novell iPrint Client ienipp.ocx persistence parameter parsing buffer overflow


CVSS2: 9.3 High (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

EPSS: 0.955 High
Percentile: 99.2%

Added: 01/28/2010
CVE: CVE-2009-1569
BID: 37242
OSVDB: 60804

Background

Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Control ActiveX control named **ienipp.ocx**.

Problem

A buffer overflow in **ienipp.ocx** allows command execution when a user opens a specially crafted page which invokes the Novell iPrint Client ActiveX control with a specially crafted **persistence** parameter for **volatile-date-time**.

Resolution

Upgrade to iPrint Client version 5.3.2 or higher.

References

<http://secunia.com/secunia_research/2009-44/>

Limitations

Exploit works on Novell iPrint Client 5.30.00 and requires a user to open the exploit page in Internet Explorer 6 or 7.

Platforms

Windows
