Security Vulnerability - Novell iPrint Client boundary error in the parsing of certain time information

  • 7006673
  • 19-Aug-2010
  • 26-Apr-2012

Environment

The vulnerability is caused by a boundary error in the handling of the "target-frame" parameter and can be exploited to cause a stack-based buffer overflow via an overly long parameter value.

Successful exploitation allows execution of arbitrary code when a user visits a malicious website.

Situation

The vulnerability is caused by a boundary error in the parsing of certain time information and can be exploited to cause a stack-based buffer overflow via
overly long strings passed to certain parameters and methods.

Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website. 

Resolution

Fixed in OES2 SP2 January 2010 Scheduled Maintenance 20100130

Status

Security Alert

Additional Information

Found by Secunia Research, SA37169#2: Novell iPrint Client boundary error in the parsing of certain time information