Vulnerability Description
The ienipp.ocx ActiveX control in the browser plugin in Novell iPrint Client before 5.42 does not properly validate the debug parameter, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a parameter value with a crafted length, related to the ExecuteRequest method.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Novell | Iprint | <= 5.40 |
Related Weaknesses (CWE)
References
- http://download.novell.com/Download?buildid=ftwZBxEFjIg~Patch
- http://dvlabs.tippingpoint.com/advisory/TPTI-10-06Patch
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://download.novell.com/Download?buildid=ftwZBxEFjIg~Patch
- http://dvlabs.tippingpoint.com/advisory/TPTI-10-06Patch
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2010-3106?
CVE-2010-3106 is a vulnerability with a CVSS score of 9.3 (HIGH). The ienipp.ocx ActiveX control in the browser plugin in Novell iPrint Client before 5.42 does not properly validate the debug parameter, which allows remote attackers to execute arbitrary code or caus...
How severe is CVE-2010-3106?
CVE-2010-3106 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-3106?
Check the references section above for vendor advisories and patch information. Affected products include: Novell Iprint.