Security Vulnerability - Novell iPrint Client "call-back-url" Buffer Overflow

  • 7006679
  • 19-Aug-2010
  • 26-Apr-2012

Environment

Novell iPrint Client for Windows

Situation

The vulnerability is caused by a boundary error in the handling of the "call-back-url" parameter value for a "op-client-interface-version" operation where the "result-type" parameter is set to "url". This can be exploited to cause a stack-based buffer overflow via an overly long "call-back-url" parameter value.

Successful exploitation allows execution of arbitrary code when a user visits a malicious website.

Resolution

Fix is included in "iPrint Client for Windows XP/Vista/Win7 5.44"

Status

Security Alert

Additional Information

Secunia advisory SA40805 and CVE identifier CVE-2010-1527.
Found by Carsten Eiram, Secunia Research.