Remote Code Execution Vulnerability in Novell iPrint Client ActiveX Plugin
CVE-2010-4314

8.8HIGH

Key Information:

Vendor: Novell
Status: Novell Iprint Webrowser Activex Plugin
Vendor: CVE Published:; 11 March 2017

What is CVE-2010-4314?

A vulnerability exists in the iPrint web-browser ActiveX plugin used by the Novell iPrint Client prior to version 5.42 for Windows OS. This flaw allows remote attackers to execute arbitrary code by exploiting a buffer overflow condition related to the 'name' parameter. Successful exploitation may lead to unauthorized actions on affected systems, potentially compromising the integrity and confidentiality of the data.

Affected Version(s)

Novell iPrint webrowser ActiveX plugin Novell iPrint webrowser ActiveX plugin

References

https://www.novell.com/support/kb/doc.php?id=7006675

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 11, 2017
Vulnerability Reserved
Nov 29, 2010