Novell iPrint Client nipplib.dll ActiveX buffer overflow

Added: 09/08/2008
CVE: CVE-2008-2436
BID: 30986
OSVDB: 47897

Background

Novell iPrint is an application that allows users to install and manage printers. It installs an ActiveX control, the Novell iPrint Control, named ienipp.ocx.

Problem

A buffer overflow vulnerability in the IppCreateServerRef method in the nipplib.dll library used by the Novell iPrint ActiveX control allows command execution when a user opens a specially crafted web page.

Resolution

Upgrade to version 4.38 or version 5.08 or higher.

References

http://secunia.com/secunia_research/2008-33/advisory/

Limitations

The exploit works on Novell iPrint Client 4.26.00 and requires a user to open the exploit page in Internet Explorer.

Platforms

Windows
