Security Vulnerability - Novell iPrint Client Browser Plugin Execute Request debug Parameter Remote Code Execution

  • Document ID:7006677
  • Creation Date:19-Aug-2010
  • Modified Date:26-Apr-2012
    • Micro Focus Products:
      iPrint

Environment

Novell iPrint Client for Windows

Situation

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Novell iPrint client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.

Resolution

Fix is included in "iPrint Client for Windows XP/Vista/Win7 5.42"

Status

Security Alert

Additional Information

ZDI-CAN-858: "Novell iPrint Client Browser Plugin Execute Request debug Parameter Remote Code Execution."
This vulnerability was discovered by Aaron Portnoy, TippingPoint DVLabs. CVE-2010-4316.