Summary
This host has Novell iPrint Client installed, which is prone to activex control vulnerabilities.
Impact
Remote exploitation could allow execution of arbitrary code to cause the server to crash or denying the access to legitimate users.
Impact Level : Application
Solution
Upgrade to Novell iPrint Client version 5.40 or later, For updates refer to http://download.novell.com/index.jsp
Insight
The flaws are due to,
- boundary errors in ienipp.ocx file when processing GetDriverFile(), GetFileList(), ExecuteRequest(), UploadPrinterDriver(), UploadResource(), UploadResource(), UploadResourceToRMS(), GetServerVersion(), GetResourceList(), or DeleteResource() methods.
- a boundary error in nipplib.dll when processing IppGetDriverSettings() while creating a server reference or interpreting a URI.
- an error in the GetFileList() method returns a list of images (eg., .jpg, .jpeg, .gif, and .bmp) in a directory specified as argument to the method.
Affected
Novell iPrint Client version 4.36 and prior on Windows (All).
Affected Platform : Windows (Any).
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-2431, CVE-2008-2432 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe AIR Multiple Vulnerabilities -01 Feb13 (Mac OS X)
- Adobe Air and Flash Player Multiple Vulnerabilities August-2011 (Windows)
- Adobe Acrobat Multiple Unspecified Vulnerabilities-01 Sep13 (Mac OS X)
- Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Windows)
- Adobe Acrobat Remote Code Execution Vulnerability(Win)