131136 : Novell IPrint Control ActiveX (ienipp.ocx) ExecuteRequest() Method Overflow

Risk 5 : Windows

The remote host contains the iPrint Control ActiveX control distributed with Novell iPrint Client.

The installed version of that control reportedly contains a buffer overflow that can be triggered by passing an argument longer than 256 bytes to the 'ExecuteRequest' method. If a remote attacker can trick a user on the affected host into visiting a specially-crafted web page, he may be able to leverage this issue to execute arbitrary code on the affected host subject to the user's privileges.

Solution:
Upgrade to Novell iPrint Client for Windows 4.34 or later and ensure the control has a file version of 4.3.4.0 or higher.
References:
CVSS Information:
Complete Confidentiality Impact, Complete Integrity Impact, Complete Availability Impact
Credit:
Tenable : 2009-12-04
New Search
Keywords
Risk Factor
Start Date
End Date
Browse