Lucene search

K
zdiNullPtr CrewZDI-13-096
HistoryMay 29, 2013 - 12:00 a.m.

Novell iPrint Client IPP Response Remote Code Execution Vulnerability

2013-05-2900:00:00
nullPtr Crew
www.zerodayinitiative.com
11

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.647 Medium

EPSS

Percentile

97.9%

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of functions that take a URI as a parameter. The issue lies in the failure to validate the size of received data prior to copying it into a fixed size buffer. An attacker can leverage this vulnerability to execute code under the context of the current process.

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.647 Medium

EPSS

Percentile

97.9%