Intrusion Prevention

Novell.iPrint.Client.ActiveX.GetDriverFile.Code.Execution

Description

This indicates an attempt to exploit a buffer-overflow vulnerability in Novell iPrint Client.
An error in the ActiveX control 'ienipp.ocx' makes it possible for an attacker to cause a buffer overflow. This can be accomplished by sending an excessively long string argument to the GetDriverFile method. As a result, the attacker can cause a denial of service or execute arbitrary code on the victim's system.

Affected Products

Novell iPrint Client for Windows before 4.36

Impact

System Compromise: remote attackers can gain control of vulnerable systems.
Denial of Service.

Recommended Actions

Upgrade to version 4.36, available from the following web site:
http://download.novell.com/Download?buildid=cbAVckbi_AM~

CVE References

CVE-2008-2431