SAINT Corporation
SAINT:CED464C320FB37AD3E8A72FAC1DB68DD
Jan 12, 2010 - 12:00 a.m.

Novell iPrint Client ienipp.ocx target-frame buffer overflow

my.saintcorporation.com

CVSS2: 9.3
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.925
Percentile: 99.1%

Added: 01/12/2010
CVE: CVE-2009-1568
BID: 37242
OSVDB: 60803

Background

Novell iPrint is an application that allows users to install and manage printers. It installs the Novell iPrint Control, an ActiveX control named **ienipp.ocx**.

Problem

A buffer overflow in **ienipp.ocx** allows command execution when a user opens a specially crafted page that invokes the Novell iPrint Client ActiveX control with a specially crafted target-frame parameter.

Resolution

Upgrade to iPrint Client version 5.3.2 or higher.

References

<http://secunia.com/secunia_research/2009-40/>

Limitations

Exploit works on Novell iPrint Client 5.30.00.

Platforms

Windows XP
