CVE-2008-2436Code Injection in Iprint Client

CWE-94Code Injection3 documents3 sources
Severity
9.3CRITICALNVD
EPSS
19.9%
top 4.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Novell Iprint Client
Timeline
PublishedSep 5
Latest updateMay 1

Description

Multiple heap-based buffer overflows in the IppCreateServerRef function in nipplib.dll in Novell iPrint Client 4.x before 4.38 and 5.x before 5.08 allow remote attackers to execute arbitrary code via a long argument to the (1) GetPrinterURLList, (2) GetPrinterURLList2, or (3) GetFileList2 function in the Novell iPrint ActiveX control in ienipp.ocx.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDnovell/iprint_client5 versions+4

Patches

Patch: secunia.comPatch: secunia.com

🔴Vulnerability Details

2
GHSA
GHSA-96v9-mjjm-c4c5: Multiple heap-based buffer overflows in the IppCreateServerRef function in nipplib2022-05-01
CVEList
CVE-2008-2436: Multiple heap-based buffer overflows in the IppCreateServerRef function in nipplib2008-09-05
CVE-2008-2436 — Code Injection in Novell Iprint Client | cvebase