Novell iPrint Client ActiveX Control GetDriverSettings Stack Overflow

Added: 12/23/2011
CVE: CVE-2011-3173
BID: 50367
OSVDB: 76631

Background

Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Client ActiveX control named ienipp.ocx.

Problem

A buffer overflow vulnerability in the ActiveX control of Novell iPrint Client versions prior to 5.72 allows command execution when a user loads a web page which calls the GetDriverSettings method with a specially crafted argument. Note that this vulnerability is different than CVE-2010-4321, and affects versions of iPrint that have applied the patch for CVE-2010-4321.

Resolution

Upgrade to iPrint Client 5.72 or later.

References

http://www.novell.com/support/viewContent.do?externalId=7009676
http://www.zerodayinitiative.com/advisories/ZDI-11-309/

Limitations

This exploit has been tested against Novell iPrint 5.72 and requires a user to load the exploit page in Internet Explorer 7.

Platforms

Windows

Back to exploit index