Novell iPrint ienipp.ocx ActiveX control buffer overflow (NovellIprintIenippActivexBo)

Vuln ID: 61346
Risk Level: High
Platforms: Novell Iprint: 4.26, Novell Iprint: 4.27, Novell Iprint: 4.28, Novell Iprint: 4.30, Novell Iprint: 4.32, Novell Iprint: 4.34, Novell Iprint: 4.36, Novell Iprint: 4.38, Novell Iprint: 5.04, Novell Iprint: 5.30, Novell Iprint: 5.32, Novell Iprint: 5.20b, Novell Iprint: 5.12, Novell Iprint: 5.40
Description:

The Novell iPrint ActiveX control (ienipp.ocx) is vulnerable to a stack-based buffer overflow. By persuading a victim to visit a specially-crafted Web page that passes a specific-length argument to the ExecuteRequest() method, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the user or cause the victim's browser to crash.

Remedy:

Upgrade to the latest version of Novell iPrint (5.42 or later), available from the Novell Downloads Web site. See References.

False Positives:
False Negatives:
Required Permission: Windows login
Additional Information:

References:

TPTI-10-06
Novell iPrint Client Browser Plugin ExecuteRequest debug Parameter Remote Code Execution Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-10-06

Novell Downloads Web page
iPrint Client for Windows XP/Vista/Win7 5.42
http://download.novell.com/Download?buildid=ftwZBxEFjIg~

Offensive Security Exploit Database [09-21-2010]
Novell iPrint Client ActiveX Control 'debug' Buffer Overflow Exploit
http://www.exploit-db.com/exploits/15073/

ISS X-Force
Novell iPrint ienipp.ocx ActiveX control buffer overflow
http://www.iss.net/security_center/static/61346.php

CVE
CVE-2010-3106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3106

