Zero Day Initiative Advisory 10-256 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the ienipp.ocx component. When handling the exposed method a GetDriverSettings call is made into nipplib!IppGetDriverSettings2 where the process will blindly copy user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
2971af8cebc50a3a9ade2dcd7ba6f3f41d191dfe5ac51ccb9c5ecc235e08c17fNovell iPrint versions 5.52 and below active-x GetDriverSettings() remote exploit.
86f276924df3584972409a858e2eacedb5fba702c6c79a2304107e139e7b9084
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed