nwspool.dll buffer overflow

  • 3125538
  • 06-Jun-2007
  • 27-Apr-2012

Environment


Novell Client for Windows 2000/XP/2003 4.91 Support Pack 2 Utilities

Situation

Passing a string of 458 or more characters in the first argument to the
OpenPrinter() function results in a buffer overflow in the Spooler
service and the overwriting of a saved instruction pointer. An
identical result is achieved by specifying a string of 524 or more
characters, followed by an exclamation point, as the second argument to
the EnumPrinters() function.

Resolution

This problem is resolved in nwspool.dll dated 13Nov2006 or later.

Status

Security Alert

Additional Information

Vulnerability was found by TippingPoint, a division of 3Com.  The advisory number is CVE‑2006‑5854.