Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-4321Improper Restriction of Operations within the Bounds of a Memory Buffer in Iprint Client

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents5 sources
Severity
9.3CRITICALNVD
EPSS
56.6%
top 1.87%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Novell Iprint Client
Timeline
PublishedDec 30
Latest updateMay 17

Description

Stack-based buffer overflow in an ActiveX control in ienipp.ocx in Novell iPrint Client 5.52 allows remote attackers to execute arbitrary code via a long argument to (1) the GetDriverSettings2 method, as reachable by (2) the GetDriverSettings method.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-g7wv-3422-j9xv: Stack-based buffer overflow in an ActiveX control in ienipp2022-05-17
CVEList
CVE-2010-4321: Stack-based buffer overflow in an ActiveX control in ienipp2010-12-30

💥Exploits & PoCs

2
Exploit-DB
Novell iPrint Client 5.52 - ActiveX Control Buffer Overflow (Metasploit)2011-03-07
Exploit-DB
Novell iPrint 5.52 - ActiveX 'GetDriverSettings()' Command Execution2011-01-19

🔍Detection Rules

1
Suricata
ET ACTIVEX Novell iPrint ActiveX GetDriverSettings Remote Code Execution Attempt2011-01-20
CVE-2010-4321 — Novell Iprint Client vulnerability | cvebase