Novell iPrint Control ActiveX control ExecuteRequest buffer overflow

Added: 03/11/2008
CVE: CVE-2008-0935
BID: 27939
OSVDB: 42063

Background

Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Control ActiveX control named ienipp.ocx.

Problem

A buffer overflow vulnerability in the ExecuteRequest function in the Novell iPrint Control ActiveX control allows command execution when a user loads a specially crafted web page.

Resolution

Upgrade to Novell iPrint Client 4.34 or higher.

References

http://secunia.com/advisories/27994

Limitations

Exploit works on Novell iPrint Client 4.26.

Platforms

Windows

Back to exploit index