Vulnerability Details : CVE-2009-1568
Public exploit exists!
Stack-based buffer overflow in ienipp.ocx in Novell iPrint Client 5.30, and possibly other versions before 5.32, allows remote attackers to execute arbitrary code via a long target-frame parameter.
Vulnerability category: OverflowExecute code
Products affected by CVE-2009-1568
- cpe:2.3:a:novell:iprint_client:5.30:*:*:*:*:*:*:*
- cpe:2.3:a:novell:iprint_client:5.31:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-1568
91.20%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2009-1568
-
Novell iPrint Client ActiveX Control target-frame Buffer Overflow
Disclosure Date: 2009-12-08First seen: 2020-04-26exploit/windows/browser/novelliprint_target_frameThis module exploits a stack buffer overflow in Novell iPrint Client 5.30. When passing an overly long string via the "target-frame" parameter to ienipp.ocx an attacker can execute arbitrary code. NOTE: The "operation" variable must be set to a valid command in orde
CVSS scores for CVE-2009-1568
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2009-1568
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-1568
-
http://download.novell.com/Download?buildid=29T3EFRky18~
Patch
-
http://www.securityfocus.com/bid/37242
Novell iPrint Client Remote Buffer Overflow VulnerabilitiesPatch
-
http://www.securityfocus.com/archive/1/508289/100/0/threaded
-
http://www.vupen.com/english/advisories/2009/3429
Patch;Vendor Advisory
Jump to