Vulnerability Description
Multiple heap-based buffer overflows in the IppCreateServerRef function in nipplib.dll in Novell iPrint Client 4.x before 4.38 and 5.x before 5.08 allow remote attackers to execute arbitrary code via a long argument to the (1) GetPrinterURLList, (2) GetPrinterURLList2, or (3) GetFileList2 function in the Novell iPrint ActiveX control in ienipp.ocx.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Novell | Iprint Client | 4.26 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/31370PatchVendor Advisory
- http://secunia.com/secunia_research/2008-33/advisoryVendor Advisory
- http://securityreason.com/securityalert/4228
- http://www.securityfocus.com/archive/1/495940/100/0/threaded
- http://www.securityfocus.com/bid/30986
- http://www.securitytracker.com/id?1020806
- http://www.vupen.com/english/advisories/2008/2481
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44853
- http://secunia.com/advisories/31370PatchVendor Advisory
- http://secunia.com/secunia_research/2008-33/advisoryVendor Advisory
- http://securityreason.com/securityalert/4228
- http://www.securityfocus.com/archive/1/495940/100/0/threaded
- http://www.securityfocus.com/bid/30986
- http://www.securitytracker.com/id?1020806
- http://www.vupen.com/english/advisories/2008/2481
FAQ
What is CVE-2008-2436?
CVE-2008-2436 is a vulnerability with a CVSS score of 9.3 (HIGH). Multiple heap-based buffer overflows in the IppCreateServerRef function in nipplib.dll in Novell iPrint Client 4.x before 4.38 and 5.x before 5.08 allow remote attackers to execute arbitrary code via ...
How severe is CVE-2008-2436?
CVE-2008-2436 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-2436?
Check the references section above for vendor advisories and patch information. Affected products include: Novell Iprint Client.