9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.41 Medium
EPSS
Percentile
97.3%
Added: 06/25/2008
CVE: CVE-2008-2908
BID: 29736
OSVDB: 46194
Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Control ActiveX control named **ienipp.ocx**
.
Multiple buffer overflow vulnerabilities in the Novell iPrint Client allow command execution when a user loads a web page which instantiates the Novell iPrint Control ActiveX control with specially crafted parameters.
Upgrade to Novell iPrint Client 4.36.
<http://www.kb.cert.org/vuls/id/145313>
<http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028061.html>
Exploit works on Novell iPrint Client 4.34 and requires a user to load the exploit page in Internet Explorer.
Windows