logo
DATABASE RESOURCES PRICING ABOUT US

Novell iPrint Client nipplib.dll ActiveX buffer overflow

Description

Added: 09/08/2008 CVE: [CVE-2008-2436](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2436>) BID: [30986](<http://www.securityfocus.com/bid/30986>) OSVDB: [47897](<http://www.osvdb.org/47897>) ### Background Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Control ActiveX control named `**ienipp.ocx**`. ### Problem A buffer overflow vulnerability in the `**IppCreateServerRef**` method in the `**nipplib.dll**` library used by the Novell iPrint ActiveX control allows command execution when a user opens a specially crafted web page. ### Resolution Upgrade to [version 4.38](<http://download.novell.com/Download?buildid=3q-_lVDVRFI~>) or [version 5.08](<http://download.novell.com/Download?buildid=dv_yn4TOPmQ~>) or higher. ### References <http://secunia.com/secunia_research/2008-33/advisory/> ### Limitations Exploit works on Novell iPrint Client 4.26.00 and requires a user to open the exploit page in Internet Explorer. ### Platforms Windows


Related