Novell iPrint Client Browser Plugin Parameter Name Remote Code Execution

ID ZDI-10-139
Type zdi
Reporter Ivan Almuina
Modified 2010-11-09T00:00:00


This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Novell iPrint Client browser plugin. User interaction is required in that a target must visit a malicious web page.

The specific flaw exists within the handling of plugin parameters. The application does not properly verify the names of parameters passed via <embed> tags. If an attacker provides a long enough value, a destination buffer can be overflowed. Successful exploitation leads to execution of arbitrary code in the context of the user owning the browser process.
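The missing check described above applies to parameter names, not only to their values. The following is an added example, not Novell's code and not part of the advisory: a plugin-side loader that rejects any name too long for its fixed buffer before copying. The `argn`/`argv` array layout, the buffer sizes and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PARAM_NAME_MAX 64 /* assumed buffer size; the advisory gives none */
#define PARAM_MAX 16      /* assumed cap on parameters per <embed> tag */

struct param {
    char name[PARAM_NAME_MAX]; /* fixed-size destination buffer */
    const char *value;         /* borrowed pointer, not copied */
};

/* Copy one parameter name into dst. Returns 0 on success, -1 if the name is
 * NULL or does not fit with its terminator. Oversized names are rejected,
 * not truncated, so two long names can never collapse into the same key. */
static int copy_param_name(char dst[PARAM_NAME_MAX], const char *name)
{
    if (name == NULL)
        return -1;
    /* Look for the terminator within the buffer size only. */
    const char *end = memchr(name, '\0', PARAM_NAME_MAX);
    if (end == NULL)
        return -1;
    memcpy(dst, name, (size_t)(end - name) + 1);
    return 0;
}

/* Store argc name/value pairs. Returns the number stored, or -1 if the
 * count or any name fails validation (the caller should refuse to load). */
int load_params(struct param *out, size_t out_cap, int argc,
                const char *const *argn, const char *const *argv)
{
    if (argc < 0 || (size_t)argc > out_cap)
        return -1;
    for (int i = 0; i < argc; i++) {
        if (copy_param_name(out[i].name, argn[i]) != 0)
            return -1;
        out[i].value = argv[i];
    }
    return argc;
}

int main(void)
{
    /* Constructed sample attributes, not taken from the iPrint plugin. */
    const char *names[] = { "width", "height" };
    const char *values[] = { "300", "200" };
    struct param params[PARAM_MAX];
    printf("stored %d\n", load_params(params, PARAM_MAX, 2, names, values));
    return 0;
}
```

Rejecting the whole tag on the first bad name keeps the plugin from running with a partially parsed parameter set.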