Novell iPrint Client op-client-interface-version Remote Code Execution Vulnerability

2013-08-13T00:00:00
ID ZDI-13-189
Type zdi
Reporter Brian Gorenc HP Zero Day Initiative
Modified 2013-11-09T00:00:00

Description

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the ienipp.ocx ActiveX object. A vulnerability exists in the op-client-interface-version operation, which takes two strings as parameters. When these strings are combined to create the response url, Novell iPrint copies this string to a fixed-length buffer on the stack. This can lead to memory corruption which can be leveraged to execute code under the context of the process.