nwspool.dll buffer overflow

  • 3125538
  • 06-Jun-2007
  • 27-Apr-2012


Novell Client for Windows 2000/XP/2003 4.91 Support Pack 2 Utilities


Passing a string of 458 or more characters in the first argument to the
OpenPrinter() function results in a buffer overflow in the Spooler
service and the overwriting of a saved instruction pointer. An
identical result is achieved by specifying a string of 524 or more
characters, followed by an exclamation point, as the second argument to
the EnumPrinters() function.


This problem is resolved in nwspool.dll dated 13Nov2006 or later.


Security Alert

Additional Information

Vulnerability was found by TippingPoint, a division of 3Com.  The advisory number is CVE‑2006‑5854.