Novell iPrint Client ActiveX Control Multiple Remote Vulnerabilities
BID:30813
Info
| Bugtraq ID: | 30813 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2008-2431, CVE-2008-2432 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 25 2008 12:00AM |
| Updated: | Aug 28 2008 09:36PM |
| Credit: | Carsten Eiram, Secunia Research |
| Vulnerable: | Novell iPrint Client 5.04, Novell iPrint Client 4.36 |
| Not Vulnerable: | Novell iPrint Client 5.06 |
Discussion
The Novell iPrint Client ActiveX control is prone to multiple buffer-overflow vulnerabilities and an information-disclosure issue.
An attacker can exploit these issues by tricking a victim into viewing a malicious page. A successful memory-corruption attack will allow attacker-supplied code to run in the context of the currently logged-in user. Failed attempts may result in a crash. Remote attackers may also carry out information-disclosure attacks to obtain potentially sensitive information.
These issues affect iPrint Client 4.36 and 5.04.
Exploit / POC
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
The vendor has released Novell iPrint Client for Windows Vista 5.06 to address these issues, but some reports indicate that issue #7 has not been addressed. Please see the references and contact the vendor for more information.
References
References:
- Microsoft Knowledge Base Article 240797 (Microsoft)
- Novell iPrint Client ActiveX Control GetFileList() Information Disclosure (Secunia)
- Novell iPrint Client ActiveX Control Multiple Buffer Overflows (Secunia)
- Novell iPrint Client for Windows Vista 5.06 (Novell)
- Novell iPrint Overview (Novell)
- Secunia Research: Novell iPrint Client ActiveX Control 'GetFileList()' Informati (Secunia Research)
- Secunia Research: Novell iPrint Client ActiveX Control Multiple Buffer Overflows (Secunia Research)