Security Vulnerability - Novell iPrint Client Browser Plugin Remote Code Execution Vulnerability

  • 7006676
  • 19-Aug-2010
  • 26-Apr-2012

Environment

Novell iPrint Client for Windows

Situation

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Novell iPrint Client Browser Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within handling plugin parameters.

Resolution

Fix is included in "iPrint Client for Windows XP/Vista/Win7 5.42"

Status

Security Alert

Additional Information

ZDI-CAN-754: "Novell iPrint Client Browser Plugin Remote Code Execution Vulnerability."
This vulnerability was discovered by Ivan Almuina, working with TippingPoint's Zero Day Iniative. CVE-2010-4315.