Novell iPrint Control ActiveX (ienipp.ocx) ExecuteRequest() Method Overflow
High Nessus Plugin ID 31136
SynopsisThe remote Windows host has an ActiveX control that is affected by a buffer overflow vulnerability.
DescriptionThe remote host contains the iPrint Control ActiveX control distributed with Novell iPrint Client.
The installed version of that control reportedly contains a buffer overflow that can be triggered by passing an argument longer than 256 bytes to the 'ExecuteRequest' method. If a remote attacker can trick a user on the affected host into visiting a specially crafted web page, this issue could be leveraged to execute arbitrary code on the affected host subject to the user's privileges.
SolutionUpgrade to Novell iPrint Client for Windows 4.34 or later and ensure the control has a file version of 18.104.22.168 or higher.