Novell iPrint ienipp.ocx ActiveX control buffer overflow (NovellIprintIenippActivexBo)

Vuln ID: 61346
Risk Level: High risk vulnerability  High NovellIprintIenippActivexBo
Platforms: Novell Iprint: 4.26, Novell Iprint: 4.27, Novell Iprint: 4.28, Novell Iprint: 4.30, Novell Iprint: 4.32, Novell Iprint: 4.34, Novell Iprint: 4.36, Novell Iprint: 4.38, Novell Iprint: 5.04, Novell Iprint: 5.30, Novell Iprint: 5.32, Novell Iprint: 5.20b, Novell Iprint: 5.12, Novell Iprint: 5.40

The Novell iPrint ActiveX control (ienipp.ocx) is vulnerable to a stack-based buffer overflow. By persuading a victim to visit a specially-crafted Web page that passes a specific-length argument to the ExecuteRequest() method, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the user or cause the victim's browser to crash.


Upgrade to the latest version of Novell iPrint (5.42 or later), available from the Novell Downloads Web site. See References.

False Positives:
False Negatives:
Required Permission: Windows login
Additional Information:


Novell iPrint Client Browser Plugin ExecuteRequest debug Parameter Remote Code Execution Vulnerability

Novell Downloads Web page
iPrint Client for Windows XP/Vista/Win7 5.42

Offensive Security Exploit Database [09-21-2010]
Novell iPrint Client ActiveX Control 'debug' Buffer Overflow Exploit

ISS X-Force
Novell iPrint ienipp.ocx ActiveX control buffer overflow

CVE CVE-2010-3106

X-Force Logo
Know Your Risks CVE Logo
Common Vulnerabilties & Exposures