CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
97.2%
Versions of Novell iPrint Client earlier than 5.64 are potentially affected by multiple vulnerabilities :
The nipplib.dll component, as used by both types of browser plugins, does not properly handle the uri parameter from the user specified printer-url before passing it to a fixed-length buffer on the heap. (ZDI-11-172 / CVE-2011-1699)
The nipplib.dll component, as used by both types of browser plugins, does not properly handle the profile time parameter from the user specified printer-url before passing it to a fixed-length buffer on the heap. (ZDI-11-173 / CVE-2011-1700)
The nipplib.dll component, as used by both types of browser plugins, does not properly handle the profile-name parameter from the user specified printer url before passing it to a fixed-length buffer on the heap. (ZDI-11-174 / CVE-2011-1701)
The nipplib.dll component, as used by both types of browser plugins, does not properly handle the file-date-time parameter from the user specified printer-url before passing it to a fixed-length buffer on the heap. (ZDI-11-175 / CVE-2011-1702)
The nipplib.dll component, as used by both types of browser plugins, does not properly handle the driver version parameter from the user-specified printer-url before passing it to a fixed-length buffer on the heap. (ZDI-11-176 / CVE-2011-1703)
The nipplib.dll component, as used by both types of browser plugins, does not properly handle the core-package parameter from the user specified printer-url before passing it to a fixed-length buffer on the heap. (ZDI-11-177 / CVE_2011-1704)
The nipplib.dll component, as used by both types of browser plugins, does not properly handle the client-file-name parameter from the user specified printer-url before passing it to a fixed-length buffer on the heap. (ZDI-11-178 / CVE-2011-1705)
The nipplib.dll component, as used by both types of browser plugins, does not properly handle the iprint-client-config-info parameter form the user specified printer-url before passing it to a fixed-length buffer on the heap. (ZDI-11-179 / CVE-2011-1706)
The nipplib.dll component, as used by both types of browser plugins, does not properly handle the op-printer-list-all-jobs parameter from the user specified printer-url before passing it to a fixed-length buffer on the heap. (ZDI-11-180 / CVE-2011-1708)
The nipplib.dll component, as used by both types of browser plugins, does not properly handle the op-printer-list-all-jobs parameter from the user specified printer-url before passing it to a fixed-length buffer on the heap. (ZDI-11-181 / CVE-2011-1707)
Binary data 5942.prm
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1699
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1700
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1701
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1702
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1703
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1704
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1705
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1706
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1707
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1708
www.securityfocus.com/archive/1/518266/30/0/threaded
www.securityfocus.com/archive/1/518267/30/0/threaded
www.securityfocus.com/archive/1/518268/30/0/threaded
www.securityfocus.com/archive/1/518269/30/0/threaded
www.securityfocus.com/archive/1/518270/30/0/threaded
www.securityfocus.com/archive/1/518271/30/0/threaded
www.securityfocus.com/archive/1/518272/30/0/threaded
www.securityfocus.com/archive/1/518273/30/0/threaded
www.securityfocus.com/archive/1/518274/30/0/threaded
www.securityfocus.com/archive/1/518275/30/0/threaded
www.zerodayinitiative.com/advisories/ZDI-11-172
www.zerodayinitiative.com/advisories/ZDI-11-173
www.zerodayinitiative.com/advisories/ZDI-11-174
www.zerodayinitiative.com/advisories/ZDI-11-175
www.zerodayinitiative.com/advisories/ZDI-11-176
www.zerodayinitiative.com/advisories/ZDI-11-177
www.zerodayinitiative.com/advisories/ZDI-11-178
www.zerodayinitiative.com/advisories/ZDI-11-179
www.zerodayinitiative.com/advisories/ZDI-11-180
www.zerodayinitiative.com/advisories/ZDI-11-181