Environment
Novell Client for Windows 2000/XP/2003 4.91 Support Pack 2 Utilities
Situation
Passing a string of 458 or more characters in the first argument to the
OpenPrinter() function results in a buffer overflow in the Spooler
service and the overwriting of a saved instruction pointer. An
identical result is achieved by specifying a string of 524 or more
characters, followed by an exclamation point, as the second argument to
the EnumPrinters() function.
Resolution
This problem is resolved in nwspool.dll dated 13Nov2006 or
later.
Status
Security AlertAdditional Information
Vulnerability was found by TippingPoint, a division of 3Com.
The advisory number is CVE‑2006‑5854.