Lucene search

K
saintSAINT CorporationSAINT:98EC5383E7D8D38B5A15C94C3F18A4F8
HistorySep 16, 2008 - 12:00 a.m.

Novell iPrint ActiveX control GetDriverFile buffer overflow

2008-09-1600:00:00
SAINT Corporation
download.saintcorporation.com
17

EPSS

0.471

Percentile

97.5%

Added: 09/16/2008
CVE: CVE-2008-2431
BID: 30813
OSVDB: 51684

Background

Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint ActiveX control named **ienipp.ocx**.

Problem

A buffer overflow vulnerability in the Novell iPrint ActiveX control allows command execution when a user loads a web page which calls the **GetDriverFile** method with specially crafted arguments.

Resolution

Upgrade to Novell iPrint client 5.06 or higher.

References

<http://secunia.com/secunia_research/2008-27/advisory/&gt;

Limitations

Exploit works on Novell iPrint Client 4.36.00 and requires a user to open the exploit page in Internet Explorer.

Platforms

Windows

EPSS

0.471

Percentile

97.5%