Novell iPrint Client ienipp.ocx ActiveX control buffer overflow

Added: 06/25/2008
CVE: CVE-2008-2908
BID: 29736
OSVDB: 46194

Background

Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Control ActiveX control named ienipp.ocx.

Problem

Multiple buffer overflow vulnerabilities in the Novell iPrint Client allow command execution when a user loads a web page which instantiates the Novell iPrint Control ActiveX control with specially crafted parameters.

Resolution

Upgrade to Novell iPrint Client 4.36.

References

http://www.kb.cert.org/vuls/id/145313
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028061.html

Limitations

Exploit works on Novell iPrint Client 4.34 and requires a user to load the exploit page in Internet Explorer.

Platforms

Windows

Back to exploit index