CVE-2011-4186
Novell iPrint nipplib.dll client-file-name Parsing Remote Code Execution Vulnerability
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code via a crafted client-file-name parameter in a printer-url, a different vulnerability than CVE-2011-1705.
Una vulnerabilidad de desbordamiento de pila basado en búfer en nipplib.dll en el cliente de Novell iPrint antes de v5.78 bajo Windows permite a atacantes remotos ejecutar código de su elección a través de un parámetro client-file-name (nombre de archivo cliente) en una URL de impresora. Se trata de una vulnerabilidad diferente a CVE-2011-1705.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins as well as the Microsoft Windows spooler service. When handling certain requests the client-file-name parameter is improperly copied to a local stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM.
*Credits:
Ivan Rodriguez Almuina
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-10-25 CVE Reserved
- 2012-02-20 CVE Published
- 2024-09-17 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.novell.com/support/viewContent.do?externalId=7008708 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.novell.com/support/viewContent.do?externalId=7010145 | 2012-02-22 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Novell Search vendor "Novell" | Iprint Search vendor "Novell" for product "Iprint" | <= 5.74 Search vendor "Novell" for product "Iprint" and version " <= 5.74" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Novell Search vendor "Novell" | Iprint Search vendor "Novell" for product "Iprint" | 4.26 Search vendor "Novell" for product "Iprint" and version "4.26" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Novell Search vendor "Novell" | Iprint Search vendor "Novell" for product "Iprint" | 4.27 Search vendor "Novell" for product "Iprint" and version "4.27" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Novell Search vendor "Novell" | Iprint Search vendor "Novell" for product "Iprint" | 4.28 Search vendor "Novell" for product "Iprint" and version "4.28" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Novell Search vendor "Novell" | Iprint Search vendor "Novell" for product "Iprint" | 4.30 Search vendor "Novell" for product "Iprint" and version "4.30" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Novell Search vendor "Novell" | Iprint Search vendor "Novell" for product "Iprint" | 4.32 Search vendor "Novell" for product "Iprint" and version "4.32" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Novell Search vendor "Novell" | Iprint Search vendor "Novell" for product "Iprint" | 4.34 Search vendor "Novell" for product "Iprint" and version "4.34" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Novell Search vendor "Novell" | Iprint Search vendor "Novell" for product "Iprint" | 4.36 Search vendor "Novell" for product "Iprint" and version "4.36" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Novell Search vendor "Novell" | Iprint Search vendor "Novell" for product "Iprint" | 4.38 Search vendor "Novell" for product "Iprint" and version "4.38" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Novell Search vendor "Novell" | Iprint Search vendor "Novell" for product "Iprint" | 5.04 Search vendor "Novell" for product "Iprint" and version "5.04" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Novell Search vendor "Novell" | Iprint Search vendor "Novell" for product "Iprint" | 5.12 Search vendor "Novell" for product "Iprint" and version "5.12" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Novell Search vendor "Novell" | Iprint Search vendor "Novell" for product "Iprint" | 5.20b Search vendor "Novell" for product "Iprint" and version "5.20b" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Novell Search vendor "Novell" | Iprint Search vendor "Novell" for product "Iprint" | 5.30 Search vendor "Novell" for product "Iprint" and version "5.30" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Novell Search vendor "Novell" | Iprint Search vendor "Novell" for product "Iprint" | 5.32 Search vendor "Novell" for product "Iprint" and version "5.32" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Novell Search vendor "Novell" | Iprint Search vendor "Novell" for product "Iprint" | 5.40 Search vendor "Novell" for product "Iprint" and version "5.40" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Novell Search vendor "Novell" | Iprint Search vendor "Novell" for product "Iprint" | 5.42 Search vendor "Novell" for product "Iprint" and version "5.42" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Novell Search vendor "Novell" | Iprint Search vendor "Novell" for product "Iprint" | 5.44 Search vendor "Novell" for product "Iprint" and version "5.44" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Novell Search vendor "Novell" | Iprint Search vendor "Novell" for product "Iprint" | 5.50 Search vendor "Novell" for product "Iprint" and version "5.50" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Novell Search vendor "Novell" | Iprint Search vendor "Novell" for product "Iprint" | 5.52 Search vendor "Novell" for product "Iprint" and version "5.52" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Novell Search vendor "Novell" | Iprint Search vendor "Novell" for product "Iprint" | 5.56 Search vendor "Novell" for product "Iprint" and version "5.56" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Novell Search vendor "Novell" | Iprint Search vendor "Novell" for product "Iprint" | 5.60 Search vendor "Novell" for product "Iprint" and version "5.60" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Novell Search vendor "Novell" | Iprint Search vendor "Novell" for product "Iprint" | 5.64 Search vendor "Novell" for product "Iprint" and version "5.64" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Novell Search vendor "Novell" | Iprint Search vendor "Novell" for product "Iprint" | 5.68 Search vendor "Novell" for product "Iprint" and version "5.68" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Novell Search vendor "Novell" | Iprint Search vendor "Novell" for product "Iprint" | 5.72 Search vendor "Novell" for product "Iprint" and version "5.72" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|