Novell iPrint Client op-client-interface-version Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ienipp.ocx ActiveX object. A vulnerability exists in the op-client-interface-version operation, which takes two strings as parameters. When these strings are combined to create the response url, Novell iPrint copies this string to a fixed-length buffer on the stack. This can lead to memory corruption which can be leveraged to execute code under the context of the process.