CVE-2008-2431

Name of the Vulnerable Software and Affected Versions: Novell iPrint Client versions prior to 5.06

Description: The issue allows remote attackers to execute arbitrary code by exploiting multiple buffer overflows in the Novell iPrint ActiveX control, specifically through methods such as GetDriverFile, GetPrinterURLList, GetPrinterURLList2, GetFileList, GetServerVersion, GetResourceList, DeleteResource, UploadPrinterDriver, UploadResource, and GetDriverSettings. This can be achieved by passing long arguments to these methods, including a long uploadPath argument to UploadPrinterDriver or UploadResource methods, or a long string in the arguments to the GetDriverSettings method. The vulnerability is related to the nipplib.dll and exploitation of these methods can lead to arbitrary code execution.

Recommendations: For Novell iPrint Client versions prior to 5.06, consider updating to version 5.06 or later to resolve the issue. As a temporary workaround, consider restricting access to the Novell iPrint ActiveX control and its related methods until a patch is applied. Avoid using long arguments in the GetDriverFile, GetPrinterURLList, GetPrinterURLList2, GetFileList, GetServerVersion, GetResourceList, DeleteResource, UploadPrinterDriver, UploadResource, and GetDriverSettings methods to minimize the risk of exploitation.