Novell iPrint Client IPP Response URI handling buffer overflow

Added: 07/05/2013
CVE: CVE-2013-1091
BID: 59612
OSVDB: 92938

Background

Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Control ActiveX control named ienipp.ocx.

Problem

A buffer overflow vulnerability within the handling of functions that take a URI as a parameter allows arbitrary command execution when a user loads a specially crafted web page.

Resolution

Apply the patch referenced in Novell knowledge base document 7012344.

References

http://www.novell.com/support/kb/doc.php?id=7012344
http://www.zerodayinitiative.com/advisories/ZDI-13-096/

Limitations

Exploit works on Novell iPrint Client 05.86.00 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn) and requires a user to load the exploit page in Internet Explorer 8.

The SAINTexploit host must be able to bind to port 631/tcp.

Platforms

Windows

Back to exploit index