CVE-2008-2431

CVSS V2 High 9.3 CVSS V3 None
Description
Multiple buffer overflows in Novell iPrint Client before 5.06 allow remote attackers to execute arbitrary code by calling the Novell iPrint ActiveX control (aka ienipp.ocx) with (1) a long third argument to the GetDriverFile method; a long first argument to the (2) GetPrinterURLList or (3) GetPrinterURLList2 method; (4) a long argument to the GetFileList method; a long argument to the (5) GetServerVersion, (6) GetResourceList, or (7) DeleteResource method, related to nipplib.dll; a long uploadPath argument to the (8) UploadPrinterDriver or (9) UploadResource method, related to URIs; (10) a long seventh argument to the UploadResource method; a long string in the (11) second, (12) third, or (13) fourth argument to the GetDriverSettings method, related to the IppGetDriverSettings function in nipplib.dll; or (14) a long eighth argument to the UploadResourceToRMS method.
Overview
  • CVE ID
  • CVE-2008-2431
  • Assigner
  • PSIRT-CNA@flexerasoftware.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2008-11-26T01:30:00
  • Last Modified Date
  • 2017-08-08T01:31:02
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:novell:iprint:*:*:*:*:*:*:*:* 1 OR 5.04
cpe:2.3:a:novell:iprint:4.26:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:novell:iprint:4.27:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:novell:iprint:4.28:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:novell:iprint:4.30:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:novell:iprint:4.32:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:novell:iprint:4.34:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:novell:iprint:4.36:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:novell:iprint:4.38:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:C/I:C/A:C
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • COMPLETE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 9.3
  • Severity
  • HIGH
  • Exploitability Score
  • 8.6
  • Impact Score
  • 10
History
Created Old Value New Value Data Type Notes
2022-05-10 09:07:36 Added to TrackCVE