Novell iPrint Client Stack Buffer Overflow (Nov 23, 2010)


Novell iPrint, a technology developed by Novell, allows users to install printer drivers from a web browser and to submit print jobs over the Internet or a local network through the standard Internet Printing Protocol (IPP). Although the iPrint system uses Novell infrastructure, desktop users require only an iPrint client.

Novell iPrint Client is bundled with a set of ActiveX controls that implement various functions. One of these controls, ienipp.ocx, is associated with CLSID “36723f97-7aa0-11d4-8919-ff2d71d0d32c” and ProgID “ienipp.Novell iPrint Control”. It can be instantiated in a web page using the <object> tag or via scripting. For example:

  

Or

 obj = new ActiveXObject("ienipp.Novell iPrint Control") 

The ActiveX control ienipp.Novell iPrint Control exposes the IppGetDriverSettings2() method with the following script:

  

There is a stack buffer overflow vulnerability in the Novell iPrint client library nipplib.dll. The vulnerability exists in the function IppGetDriverSettings2(), which copies the provided arguments into a stack buffer without validating the length of the string. A remote attacker could exploit this vulnerability via a web page that passes a large crafted argument to the vulnerable ActiveX control method. Successful exploitation would cause a buffer overflow that may allow arbitrary code injection and execution in the security context of the currently logged-on user.

The SonicWALL UTM team has researched this vulnerability and created the following IPS signatures to detect attacks targeting it.

  • 6022 Novell iPrint ActiveX GetDriverSettings Method Invocation
  • 6023 Novell iPrint ActiveX GetDriverSettings2 Method Invocation
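
A content filter or web proxy can look for the two things this advisory describes: the control being instantiated by CLSID or ProgID, and the GetDriverSettings-family method being called. The following is an added example, not SonicWALL's signature logic; the function name scan_page, the verdict labels and the sample pages are constructed for illustration, and the argument lists are placeholders because the method's parameters are not given here.

```python
import re

# Identifiers taken from the advisory text.
CLSID = "36723f97-7aa0-11d4-8919-ff2d71d0d32c"
PROGID = "ienipp.Novell iPrint Control"

# <object classid="clsid:..."> instantiation; case and optional braces vary.
RE_CLSID = re.compile(r"clsid\s*:\s*\{?" + re.escape(CLSID) + r"\}?", re.I)
# new ActiveXObject("ienipp.Novell iPrint Control") with either quote style.
RE_PROGID = re.compile(
    r"ActiveXObject\s*\(\s*(['\"])" + re.escape(PROGID) + r"\1", re.I)
# Method names from signatures 6022/6023, with or without the Ipp prefix.
RE_METHOD = re.compile(r"\.\s*((?:Ipp)?GetDriverSettings2?)\s*\(", re.I)


def scan_page(html):
    """Return a dict describing iPrint control use found in one HTML document."""
    instantiated = []
    if RE_CLSID.search(html):
        instantiated.append("clsid")
    if RE_PROGID.search(html):
        instantiated.append("progid")
    methods = sorted({m.group(1) for m in RE_METHOD.finditer(html)})
    if instantiated and methods:
        verdict = "alert"      # control created and the flagged method called
    elif instantiated or methods:
        verdict = "review"     # only half of the pattern is present
    else:
        verdict = "clean"
    return {"verdict": verdict, "instantiated": instantiated, "methods": methods}


# Constructed sample pages (not captured traffic); arguments are placeholders.
SAMPLE_OBJECT_TAG = """
<object id="ctl" classid="CLSID:36723F97-7AA0-11D4-8919-FF2D71D0D32C"></object>
<script>ctl.GetDriverSettings2(placeholderArg);</script>
"""
SAMPLE_SCRIPTED = """
<script>
var obj = new ActiveXObject('ienipp.Novell iPrint Control');
obj.IppGetDriverSettings2(placeholderArg);
</script>
"""
SAMPLE_BENIGN = "<html><body><p>Printer list</p></body></html>"

if __name__ == "__main__":
    for page in (SAMPLE_OBJECT_TAG, SAMPLE_SCRIPTED, SAMPLE_BENIGN):
        print(scan_page(page))
```

Static matching like this misses script that builds the ProgID or method name at runtime, so a "review" or "clean" verdict on obfuscated pages does not rule out use of the control.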

This vulnerability has not been assigned a Common Vulnerabilities and Exposures (CVE) identifier.
