Novell iPrint Client Netscape/ActiveX Plugin Wide Character IPP Remote Code Execution Vulnerability

December 26th, 2010

Vulnerability Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. Authentication is not required to exploit this vulnerability.

The flaw exists within the nipplib.dll component which is used by both the Mozilla and IE browser plugins for iPrint Client. When handling an IPP response from a user provided printer-url the process does not properly validate the size of the destination buffer and copies user supplied data of an arbitrary length into a fixed length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

Additional Details

The fix for this security vulnerability is included in the released "iPrint Client for Windows XP/Vista/Win 7 5.56" patch, available at http://download.novell.com/Download?buildid=JV7fd0tFHHM~.


Disclosure Timeline

  • 2010-11-30 - Vulnerability reported to vendor
  • 2010-12-26 - Coordinated public release of advisory

Credit

Ivan Rodriguez Almuina

Back to Advisories