OSVDB ID: 46194

Title: Novell iPrint Client for Windows ienipp.ocx ActiveX Multiple Variable Overflow

Info

Disclosure

Jun 12, 2008

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A buffer overflow exists in iPrint Client for Windows. The ienipp.ocx ActiveX control fails to validate data passed to the 'operation,' 'printer-url' and 'target-frame' parameters resulting in a stack overflow. With a specially crafted website, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access, Local / Remote, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Public, Exploit Commercial
Disclosure: Vendor Verified, Vendor Verified, Coordinated Disclosure
OSVDB: Web Related

Solution

Upgrade to version 4.36 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Novell, Inc.

iPrint Client for Windows

4.34

References

Security Tracker: 1020303
CERT VU: 145313
CVE ID: 2008-2908 (see also: NVD)
Bugtraq ID: 29736
Secunia Advisory ID: 30709
ISS X-Force ID: 43085
Metasploit ID: 46194
VUPEN Advisory: ADV-2008-1837
Vendor Specific News/Changelog Entry: http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028061.html
Generic Exploit URL: http://www.saintcorporation.com/cgi-bin/exploit_info/novell_iprint_activex_ienipp

Credit

Will Dormann - -

Direct URL: http://osvdb.org/46194