Computer Security
[EN] securityvulns.ru no-pyccku


Novell iPrint multiple security vulnerabilities
Published:11.06.2011
Source:
SecurityVulns ID:11725
Type:client
Threat Level:
6/10
Description:Code execution via op-printer-list-all-jobs URI handler and cookie, Multiple ActiveX code execution vulnerabilities.
Affected:NOVELL : iPrint Client 5.63
CVE:CVE-2011-1708 (Stack-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted op-printer-list-all-jobs cookie.)
 CVE-2011-1707 (Stack-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted op-printer-list-all-jobs parameter in a printer-url.)
 CVE-2011-1706 (Stack-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted iprint-client-config-info parameter in a printer-url.)
 CVE-2011-1705 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted client-file-name parameter in a printer-url.)
 CVE-2011-1704 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted core-package parameter in a printer-url.)
 CVE-2011-1703 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted driver-version parameter in a printer-url.)
 CVE-2011-1702 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted file-date-time parameter in a printer-url.)
 CVE-2011-1701 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted profile-name parameter in a printer-url.)
 CVE-2011-1700 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted profile-time parameter in a printer-url.)
 CVE-2011-1699 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted uri parameter in a printer-url.)
Original documentdocumentZDI, ZDI-11-172: Novell iPrint nipplib.dll uri Remote Code Execution Vulnerability (11.06.2011)
 documentZDI, ZDI-11-173: Novell iPrint nipplib.dll profile-time Remote Code Execution Vulnerability (11.06.2011)
 documentZDI, ZDI-11-174: Novell iPrint nipplib.dll profile-name Remote Code Execution Vulnerability (11.06.2011)
 documentZDI, ZDI-11-175: Novell iPrint nipplib.dll file-date-time Remote Code Execution Vulnerability (11.06.2011)
 documentZDI, ZDI-11-176: Novell iPrint nipplib.dll driver-version Remote Code Vulnerability (11.06.2011)
 documentZDI, ZDI-11-177: Novell iPrint nipplib.dll core-package Remote Code Execution Vulnerability (11.06.2011)
 documentZDI, ZDI-11-178: Novell iPrint nipplib.dll client-file-name Remote Code Execution Vulnerability (11.06.2011)
 documentZDI, ZDI-11-179: Novell iPrint nipplib.dll iprint-client-config-info Remote Code Execution Vulnerability (11.06.2011)
 documentZDI, ZDI-11-180: Novell iPrint op-printer-list-all-jobs cookie Remote Code Execution Vulnerability (11.06.2011)
 documentZDI, ZDI-11-181: Novell iPrint op-printer-list-all-jobs url Remote Code Execution Vulnerability (11.06.2011)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod