SAINT CorporationSAINT:F6C7E2DABF523BC7F27460BDE8B5C9B5Novell iPrint Client ienipp.ocx ActiveX control buffer overflow
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.41 Medium
EPSS
Percentile
97.3%
Added: 06/25/2008
CVE: CVE-2008-2908
BID: 29736
OSVDB: 46194
Background
Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Control ActiveX control named **ienipp.ocx**.
Problem
Multiple buffer overflow vulnerabilities in the Novell iPrint Client allow command execution when a user loads a web page which instantiates the Novell iPrint Control ActiveX control with specially crafted parameters.
Resolution
Upgrade to Novell iPrint Client 4.36.
References
<http://www.kb.cert.org/vuls/id/145313>
<http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028061.html>
Limitations
Exploit works on Novell iPrint Client 4.34 and requires a user to load the exploit page in Internet Explorer.
Platforms
Windows
Related
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.41 Medium
EPSS
Percentile
97.3%