Novell iPrint Client for Windows
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Novell iPrint Client browser plugin. User interaction is required in that a target must visit a malicious web page. The specific flaw exists within the handling of plugin parameters. The application does not properly verify the name of parameters passed via <embed> tags. If an attacker provides a long enough value, a destination buffer can be overflowed. Successful exploitation leads to execution of arbitrary code under the context of the user owning the browser process. When a plugin parameter name is handled, it is copied to a stack buffer without first verifying that the buffer is large enough. EIP can be overwritten, allowing code execution.
The fix is included in "iPrint Client for Windows XP/Vista/Win7 5.42".
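The missing size check described above, written out as an added example (this is not Novell's code). The buffer size PARAM_NAME_MAX and the names copy_param_name and check_param_names are assumptions made for illustration; the advisory does not state the real buffer size or function names.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PARAM_NAME_MAX 64 /* assumed buffer size, not taken from the advisory */

enum param_status { PARAM_OK = 0, PARAM_NULL = -1, PARAM_TOO_LONG = -2 };

/* Unsafe pattern of the kind the advisory describes (comment only):
 *     char name[PARAM_NAME_MAX];
 *     strcpy(name, argn[i]);   // copies before checking the size
 */

/* Copy src into dst only if it fits, NUL terminator included. */
enum param_status copy_param_name(char *dst, size_t dst_len, const char *src)
{
    size_t n = 0;

    if (dst == NULL || dst_len == 0 || src == NULL)
        return PARAM_NULL;
    while (n < dst_len && src[n] != '\0') /* bounded length scan */
        n++;
    if (n >= dst_len) /* no room left for the terminator: reject */
        return PARAM_TOO_LONG;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return PARAM_OK;
}

/* Returns the number of names accepted, or the negative status of the first
 * name rejected so the caller can refuse to create the plugin instance. */
int check_param_names(int argc, const char *const argn[])
{
    char name[PARAM_NAME_MAX]; /* fixed-size stack buffer */

    for (int i = 0; i < argc; i++) {
        enum param_status st = copy_param_name(name, sizeof name, argn[i]);
        if (st != PARAM_OK)
            return (int)st;
    }
    return argc;
}

int main(void)
{
    /* Constructed sample: attribute names as an <embed> tag would supply. */
    const char *const names[] = { "type", "width", "height" };
    printf("accepted: %d\n", check_param_names(3, names));
    return 0;
}
```

A name is rejected whenever it would not fit with its terminator, so a name of exactly PARAM_NAME_MAX characters fails while one character shorter passes.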