Summary
The host is installed with Novell iPrint Client and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to execute arbitrary code, delete files on a system.
Impact Level: Application
Solution
Apply patch from below link
http://download.novell.com/Download?buildid=ftwZBxEFjIg~
*****
NOTE : Ignore this warning, if above mentioned patch is applied already.
*****
Insight
Multiple flaws are due to:
- Error in handling 'ienipp.ocx' ActiveX control.
- Error within the nipplib.dll module that can be reached via the 'ienipp.ocx' ActiveX control with 'CLSID 36723f97-7aa0-11d4-8919-FF2D71D0D32C'.
- Failure to verify the name of parameters passed via '<embed>' tags.
- Error in handling plugin parameters. A long value for the operation parameter can trigger a stack-based buffer overflow.
Affected
Novell iPrint Client version 5.40 and prior.
References
Severity
Classification
-
CVE CVE-2010-3106, CVE-2010-3107, CVE-2010-3108, CVE-2010-3109 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities