Lucene search
Ivan Rodriguez AlmuinaZDI-11-174HistoryJun 06, 2011 - 12:00 a.m.
Novell iPrint nipplib.dll profile-name Remote Code Execution Vulnerability
2011-06-0600:00:00
Ivan Rodriguez Almuina
www.zerodayinitiative.com
9
EPSS
0.345
Percentile
97.1%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the profile-name parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
Related
cve
cve
CVE-2011-1701
2011-06-09 19:55:01
nvd
nvd
CVE-2011-1701
2011-06-09 19:55:01
securityvulns
securityvulns
ZDI-11-174: Novell iPrint nipplib.dll profile-name Remote Code Execution Vulnerability
2011-06-11 00:00:00
Novell iPrint multiple security vulnerabilities
2011-06-11 00:00:00
prion
prion
Heap overflow
2011-06-09 19:55:00
cvelist
cvelist
CVE-2011-1701
2011-06-09 19:00:00
nessus
nessus
Novell iPrint Client < 5.64 Multiple Vulnerabilities
2011-06-07 00:00:00
Novell iPrint Client < 5.64 Multiple Vulnerabilities
2011-06-07 00:00:00
openvas
openvas
Novell iPrint Client 'printer-url' Multiple BOF Vulnerabilities (Windows)
2011-06-13 00:00:00
Novell iPrint Client 'printer-url' Multiple BOF Vulnerabilities - Windows
2011-06-13 00:00:00