Novell iPrint Client ienipp.ocx target-frame buffer overflow

2010-01-12T00:00:00
ID SAINT:DC7242B4E001383B596631DCD787D66F
Type saint
Reporter SAINT Corporation
Modified 2010-01-12T00:00:00

Description

Added: 01/12/2010
CVE: CVE-2009-1568
BID: 37242
OSVDB: 60803

Background

Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Control ActiveX control named **ienipp.ocx**.

Problem

A buffer overflow in **ienipp.ocx** allows command execution when a user opens a specially crafted page which invokes the Novell iPrint Client ActiveX control with a specially crafted target-frame parameter.

Resolution

Upgrade to iPrint Client version 5.3.2 or higher.

References

<http://secunia.com/secunia_research/2009-40/>

Limitations

Exploit works on Novell iPrint Client 5.30.00.

Platforms

Windows XP