Novell iPrint Client GetDriverSettings Realm Parameter Stack Buffer Overflow

Added: 08/10/2012
CVE: CVE-2011-4187
BID: 51926
OSVDB: 78955

Background

Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Client ActiveX control named ienipp.ocx.

Problem

Novell iPrint Client before 5.78 on Windows is vulnerable to a stack buffer overflow as a result of improper verification of a user-supplied realm parameter. The flaw exists within the exposed GetDriverSettings method in the nipplib.dll component imported by ienipp.ocx. A remote attacker who persuades a user to visit a malicious web page with a specially crafted realm argument could exploit this vulnerability to execute arbitrary code in the context of the user.

Resolution

Upgrade to iPrint Client for Windows 5.78 or later.

References

http://www.zerodayinitiative.com/advisories/ZDI-12-102/
http://www.novell.com/support/viewContent.do?externalId=7010143

Limitations

This exploit has been tested against Novell iPrint Client 5.74 on Windows XP SP3 English (DEP OptIn).

The user must open the exploit page in Internet Explorer 8.

Platforms

Windows

Back to exploit index