SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Novell iPrint Vendors:   Novell
Novell iPrint Buffer Overflows in Processing Printer URL Parameters Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1025606
SecurityTracker URL:  http://securitytracker.com/id/1025606
CVE Reference:   CVE-2011-1699, CVE-2011-1700, CVE-2011-1701, CVE-2011-1702, CVE-2011-1703, CVE-2011-1704, CVE-2011-1705, CVE-2011-1706, CVE-2011-1707, CVE-2011-1708   (Links to External Site)
Date:  Jun 7 2011
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 5.64
Description:   Multiple vulnerabilities were reported in Novell iPrint. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a buffer overflow and execute arbitrary code on the target user's system. The code will run with the privileges of the target user.

The 'uri' parameter is affected [CVE-2011-1699].

The 'profile-time' parameter is affected [CVE-2011-1700].

The 'profile-name' parameter is affected [CVE-2011-1701].

The 'file-date-time' parameter is affected [CVE-2011-1702].

The 'driver-version' parameter is affected [CVE-2011-1703].

The 'core-package' parameter is affected [CVE-2011-1704].

The 'client-file-name' parameter is affected [CVE-2011-1705].

The 'iprint-client-config-info' parameter is affected [CVE-2011-1706].

The 'op-printer-list-all-jobs' parameter is affected [CVE-2011-1707].

The 'op-printer-list-all-jobs' parameter is affected [CVE-2011-1708].

Ivan Rodriguez Almuina reported these vulnerabilities via TippingPoint's Zero Day Initiative.

Impact:   A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:   The vendor has issued a fix (5.64).

The vendor's advisory is available at:

http://download.novell.com/Download?buildid=6_bNby38ERg~

Vendor URL:  download.novell.com/Download?buildid=6_bNby38ERg~ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Windows (2003), Windows (2008), Windows (7), Windows (Vista), Windows (XP)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC