Novell iPrint Client nipplib.dll ActiveX (ienipp.ocx) IppCreateServerRef Function Overflow

High Nessus Plugin ID 34085


The remote Windows host has an application that is affected by a buffer overflow vulnerability.


The installed version of Novell iPrint Client is affected by a buffer overflow vulnerability.

By passing very long arguments to either 'GetPrinterURLList()', 'GetPrinterURLList2()', or 'GetFileList2()' functions available in ActiveX control 'ienipp.ocx', it may be possible to cause a heap-based buffer overflow in function 'IppCreateServerRef()' provided by 'nipplib.dll'.

Successful exploitation of this issue may result in arbitrary code execution on the remote system.


Upgrade to

- Novell iPrint Client for Vista 5.08 or
- Novell iPrint Client for Windows 4.38

See Also

Plugin Details

Severity: High

ID: 34085

File Name: novell_iprint_buffer_overflow.nasl

Version: $Revision: 1.13 $

Type: local

Agent: windows

Family: Windows

Published: 2008/09/04

Modified: 2017/08/15

Dependencies: 11936, 13855

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Vulnerability Information

CPE: cpe:/a:novell:iprint

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2008/09/03

Reference Information

CVE: CVE-2008-2436

BID: 30986

OSVDB: 47897

Secunia: 31370

CWE: 94