Vulnerability Description
Stack-based buffer overflow in the EnumPrinters function in the Spooler service (nwspool.dll) in Novell Client 4.91 SP2, SP3, and SP4 for Windows allows remote attackers to execute arbitrary code via a crafted RPC request, aka Novell bug 353138, a different vulnerability than CVE-2006-5854. NOTE: this issue exists because of an incomplete fix for CVE-2007-6701.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows | All versions |
| Novell | Client | 4.91 |
Related Weaknesses (CWE)
References
- http://download.novell.com/Download?buildid=SszG22IIugM~Patch
- http://marc.info/?l=full-disclosure&m=120276962211348&w=2Patch
- http://secunia.com/advisories/28895PatchVendor Advisory
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5008300.
- http://www.securityfocus.com/archive/1/487980/100/0/threaded
- http://www.securityfocus.com/bid/27741Patch
- http://www.securitytracker.com/id?1019366
- http://www.vupen.com/english/advisories/2008/0496
- http://www.zerodayinitiative.com/advisories/ZDI-08-005.htmlPatch
- http://download.novell.com/Download?buildid=SszG22IIugM~Patch
- http://marc.info/?l=full-disclosure&m=120276962211348&w=2Patch
- http://secunia.com/advisories/28895PatchVendor Advisory
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5008300.
- http://www.securityfocus.com/archive/1/487980/100/0/threaded
- http://www.securityfocus.com/bid/27741Patch
FAQ
What is CVE-2008-0639?
CVE-2008-0639 is a vulnerability with a CVSS score of 10.0 (HIGH). Stack-based buffer overflow in the EnumPrinters function in the Spooler service (nwspool.dll) in Novell Client 4.91 SP2, SP3, and SP4 for Windows allows remote attackers to execute arbitrary code via ...
How severe is CVE-2008-0639?
CVE-2008-0639 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-0639?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows, Novell Client.