Novell iPrint Client Netscape/ActiveX Plugin Wide Character IPP Remote Code Execution Vulnerability

ID ZDI-10-299
Type zdi
Reporter Ivan Rodriguez Almuina
Modified 2010-11-09T00:00:00


This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. Authentication is not required to exploit this vulnerability.

The flaw exists within the nipplib.dll component which is used by both the Mozilla and IE browser plugins for iPrint Client. When handling an IPP response from a user provided printer-url the process does not properly validate the size of the destination buffer and copies user supplied data of an arbitrary length into a fixed length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.