SAINT Corporation
SAINT:EB14A04481A4B3F6FE13FD8A3947710F
Sep 08, 2008 - 12:00 a.m.

Novell iPrint Client nipplib.dll ActiveX buffer overflow

download.saintcorporation.com

CVSS2: 9.3
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 0.287
Percentile: 96.9%

Added: 09/08/2008
CVE: CVE-2008-2436
BID: 30986
OSVDB: 47897

Background

Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Control ActiveX control named **ienipp.ocx**.

Problem

A buffer overflow vulnerability in the **IppCreateServerRef** method in the **nipplib.dll** library used by the Novell iPrint ActiveX control allows command execution when a user opens a specially crafted web page.

Resolution

Upgrade to version 4.38 or version 5.08 or higher.

References

<http://secunia.com/secunia_research/2008-33/advisory/>

Limitations

The exploit works on Novell iPrint Client 4.26.00 and requires a user to open the exploit page in Internet Explorer.

Platforms

Windows
