CVE-2011-1704 – Novell iPrint nipplib.dll core-package Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1704
Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted core-package parameter in a printer-url. Desbordamiento de búfer basado en memoria dinámica en nipplib.dll en Novell iPrint Client anterior a v5.64 permite a atacantes remotos ejecutar código de su elección a través del parámetro manipulado core-package en un printer-url. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the core-package parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the heap. • http://download.novell.com/Download?buildid=6_bNby38ERg~ http://secunia.com/advisories/44811 http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7008728 http://www.securityfocus.com/archive/1/518268/100/0/threaded http://www.securityfocus.com/bid/48124 http://www.securitytracker.com/id?1025606 http://zerodayinitiative.com/advisories/ZDI-11-177 https://exchange.xforce.ibmcloud.com/vulnerabilities/67879 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-1705 – Novell iPrint nipplib.dll client-file-name Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1705
Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted client-file-name parameter in a printer-url. Desbordamiento de búfer basado en memoria dinámica en nipplib.dll en Novell iPrint Client anterior a v5.64 permite a atacantes remotos ejecutar código de su elección a través del parámetro manipulado client-file-name en un printer-url. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the client-file-name parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the heap. • http://download.novell.com/Download?buildid=6_bNby38ERg~ http://secunia.com/advisories/44811 http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7008729 http://www.securityfocus.com/archive/1/518272/100/0/threaded http://www.securityfocus.com/bid/48124 http://www.securitytracker.com/id?1025606 http://zerodayinitiative.com/advisories/ZDI-11-178 https://exchange.xforce.ibmcloud.com/vulnerabilities/67880 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-1706 – Novell iPrint nipplib.dll iprint-client-config-info Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1706
Stack-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted iprint-client-config-info parameter in a printer-url. Desbordamiento de búfer basado en pila en nipplib.dll en Novell iPrint Client anterior a v5.64 permite a atacantes remotos ejecutar código de su elección a través del parámetro manipulado iprint-client-config-info en un printer-url. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the iprint-client-config-info parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the stack. • http://download.novell.com/Download?buildid=6_bNby38ERg~ http://secunia.com/advisories/44811 http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7008730 http://www.securityfocus.com/archive/1/518273/100/0/threaded http://www.securityfocus.com/bid/48124 http://www.securitytracker.com/id?1025606 http://zerodayinitiative.com/advisories/ZDI-11-179 https://exchange.xforce.ibmcloud.com/vulnerabilities/67881 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-1707 – Novell iPrint op-printer-list-all-jobs url Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1707
Stack-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted op-printer-list-all-jobs parameter in a printer-url. Desbordamiento de búfer basado en pila en nipplib.dll en Novell iPrint Client anterior a v5.64 permite a atacantes remotos ejecutar código de su elección a través del parámetro manipulado op-printer-list-all-jobs en un printer-url. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the op-printer-list-all-jobs parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the stack. • http://download.novell.com/Download?buildid=6_bNby38ERg~ http://secunia.com/advisories/44811 http://www.securityfocus.com/archive/1/518275/100/0/threaded http://www.securityfocus.com/bid/48124 http://www.securitytracker.com/id?1025606 http://zerodayinitiative.com/advisories/ZDI-11-181 https://exchange.xforce.ibmcloud.com/vulnerabilities/67883 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-1708 – Novell iPrint op-printer-list-all-jobs cookie Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1708
Stack-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted op-printer-list-all-jobs cookie. Desbordamiento de búfer basado en pila en nipplib.dll de Novell iPrint Client antes de v5.64, permite a atacantes remotos ejecutar código de su elección a través de una cookie manipulada en op-printer-list-all-jobs This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the op-printer-list-all-jobs parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser. • http://download.novell.com/Download?buildid=6_bNby38ERg~ http://secunia.com/advisories/44811 http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7008731 http://www.securityfocus.com/archive/1/518274/100/0/threaded http://www.securityfocus.com/bid/48124 http://www.securitytracker.com/id?1025606 http://zerodayinitiative.com/advisories/ZDI-11-180 https://exchange.xforce.ibmcloud.com/vulnerabilities/67882 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •