Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-3106Improper Input Validation in Iprint

CWE-20Improper Input Validation5 documents4 sources
Severity
9.3CRITICALNVD
EPSS
55.8%
top 1.90%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Novell Iprint
Timeline
PublishedAug 23
Latest updateMay 17

Description

The ienipp.ocx ActiveX control in the browser plugin in Novell iPrint Client before 5.42 does not properly validate the debug parameter, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a parameter value with a crafted length, related to the ExecuteRequest method.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDnovell/iprint5.40+13

Patches

Patch: download.novell.comPatch: dvlabs.tippingpoint.comPatch: download.novell.com

🔴Vulnerability Details

2
GHSA
GHSA-7672-gx6j-wr7h: The ienipp2022-05-17
CVEList
CVE-2010-3106: The ienipp2010-08-23

💥Exploits & PoCs

2
Exploit-DB
Novell iPrint Client - ActiveX Control ExecuteRequest debug Buffer Overflow (Metasploit)2010-09-21
Exploit-DB
Novell iPrint Client - ActiveX Control 'debug' Remote Buffer Overflow (Metasploit)2010-09-21
CVE-2010-3106 — Improper Input Validation in Iprint | cvebase