PT-2008-4347 · Novell+1 · Novell Iprint Client+2

Will Dormann

Published

2008-06-30

Updated

2017-08-08

CVE-2008-2908

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Novell iPrint Client for Windows versions prior to 4.36

Description The issue is related to multiple stack-based buffer overflows in a certain ActiveX control. Remote attackers can execute arbitrary code by providing a long value for certain parameters. The parameters operation, printer-url, and target-frame are affected.

Recommendations For versions prior to 4.36, update to version 4.36 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected ActiveX control in ienipp.ocx until the update is applied. Avoid using long values for the operation, printer-url, and target-frame parameters in the affected API endpoints until the issue is resolved.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2008-2908

Affected Products

Activex

Novell Iprint Client

Windows

PT-2008-4347 · Novell+1 · Novell Iprint Client+2

CVE-2008-2908

Weakness Enumeration

Related Identifiers

Affected Products

References · 10