SAINT CorporationSAINT:2759292501987F5C35585AE9D490FC54Novell iPrint Control ActiveX control ExecuteRequest buffer overflow
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
97.4%
Added: 03/11/2008
CVE: CVE-2008-0935
BID: 27939
OSVDB: 42063
Background
Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Control ActiveX control named **ienipp.ocx**.
Problem
A buffer overflow vulnerability in the **ExecuteRequest** function in the Novell iPrint Control ActiveX control allows command execution when a user loads a specially crafted web page.
Resolution
Upgrade to Novell iPrint Client 4.34 or higher.
References
<http://secunia.com/advisories/27994>
Limitations
Exploit works on Novell iPrint Client 4.26.
Platforms
Windows
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
97.4%