Novell IPrint ActiveX Control Stack-based BOF Vulnerability Network Vulnerability

Summary

The host is installed with Novell iPrint, and is prone to stack based buffer overflow vulnerability.

Impact

Successful attack could lead to execution of arbitrary code via a long target frame option value, which crashes the browser and may allow code execution. Impact Level: Application

Solution

Novell iPrint Client version 5.06 is obsoleted, Upgrade to Novell iPrint Client version higher than 5.06. For updates refer to http://download.novell.com/index.jsp

Insight

The issue is due to the improper handling of user requests sent to the ExecuteRequest method in ienipp.ocx file.

Affected

Novell iPrint Client version 5.06 and prior on Windows.

References

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5231

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-5231
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Cyrus IMAP Server 'split_wildmats()' Remote Buffer Overflow Vulnerability
Beatport Player '.m3u' File Buffer Overflow Vulnerability
ChaSen Buffer Overflow Vulnerability (Linux)
Apple iTunes 'itms:' URI Stack Buffer Overflow Vulnerability
CCProxy CONNECTION Request Buffer Overflow Vulnerability

Novell iPrint ActiveX control Stack-based BOF Vulnerability

Take action and discover your vulnerabilities