Summary
The host is installed with Novell iPrint Client and is prone to multiple buffer overflow vulnerabilities.
Impact
Successful exploitation could allow attackers to execute arbitrary code under the context of the browser.
Impact Level: Application
Solution
Upgrade to Novell iPrint Client 5.64 or later,
For the updates refer, http://download.novell.com/Download?buildid=6_bNby38ERg~
Insight
The flaws exists within the 'nipplib' component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the various parameters from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the heap.
Affected
Novell iPrint Client version prior to 5.64 on windows.
References
- http://securitytracker.com/id/1025606
- http://www.zerodayinitiative.com/advisories/ZDI-11-172/
- http://www.zerodayinitiative.com/advisories/ZDI-11-173/
- http://www.zerodayinitiative.com/advisories/ZDI-11-174/
- http://www.zerodayinitiative.com/advisories/ZDI-11-175/
- http://www.zerodayinitiative.com/advisories/ZDI-11-176/
- http://www.zerodayinitiative.com/advisories/ZDI-11-177/
- http://www.zerodayinitiative.com/advisories/ZDI-11-178/
- http://www.zerodayinitiative.com/advisories/ZDI-11-179/
- http://www.zerodayinitiative.com/advisories/ZDI-11-180/
- http://www.zerodayinitiative.com/advisories/ZDI-11-181/
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2011-1699, CVE-2011-1700, CVE-2011-1701, CVE-2011-1702, CVE-2011-1703, CVE-2011-1704, CVE-2011-1705, CVE-2011-1706, CVE-2011-1707, CVE-2011-1708 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities