Novell IPrint Client 'ienipp.ocx' ActiveX Buffer Overflow Vulnerability Network Vulnerability

Summary

The host is installed with Novell iPrint Client and is prone to Buffer Overflow vulnerability.

Impact

Successful exploitation could allow attackers to execute arbitrary code in the context of the application. Impact Level: Application

Solution

Upgrade to Novell iPrint Client version 5.56 or later http://download.novell.com/Download?buildid=JV7fd0tFHHM~

Insight

The flaw is due to an error in 'ienipp.ocx' in the method 'GetDriverSettings' whcih blindly copies user supplied data into a fixed-length buffer on the stack.

Affected

Novell iPrint Client version 5.52

References

http://www.novell.com/support/viewContent.do?externalId=7007234
http://www.zerodayinitiative.com/advisories/ZDI-10-256/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-4321

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Air and Flash Player Multiple Vulnerabilities August-2011 (Windows)
Adobe Air Multiple Vulnerabilities June-2012 (Mac OS X)
Adobe Acrobat and Reader 'printSeps()' Function Heap Corruption Vulnerability
Adobe Air Multiple Vulnerabilities - December12 (Windows)
Adobe Air Multiple Vulnerabilities -01 May 13 (Mac OS X)

Novell iPrint Client 'ienipp.ocx' ActiveX Buffer Overflow Vulnerability

Take action and discover your vulnerabilities