Novell iPrint Client GetPrinterURLList2 Remote Code Execution Vulnerability

Release date:
Updated on:

Affected Systems:
Novell iPrint Client for Windows 5.77
Novell iPrint Client for Windows 5.76
Novell iPrint Client for Windows 5.75
Novell iPrint Client for Windows 5.74
Novell iPrint Client for Windows 5.73
Novell iPrint Client for Windows 5.72
Novell iPrint Client for Windows 5.64
Novell iPrint Client for Windows 5.56
Novell iPrint Client for Windows 5.52
Novell iPrint Client for Windows 5.44
Novell iPrint Client for Windows 5.32
Novell iPrint Client for Windows 5.30
Novell iPrint Client for Windows 5.08
Novell iPrint Client for Windows 5.06
Novell iPrint Client for Windows 5.04
Novell iPrint Client for Windows 4.38
Novell iPrint Client for Windows 4.36
Novell iPrint Client for Windows 4.34
Unaffected system:
Novell iPrint Client for Windows 5.78
Description:
--------------------------------------------------------------------------------
Bugtraq id: 51926
CVE (CAN) ID: CVE-2011-4185

Novell iPrint is the print solution.

On Windows, the GetPrinterURLList2 method in ActiveX controls earlier than Novell iPrint Client 5.78 has a remote code execution vulnerability, which can cause remote code execution or DoS (Memory Corruption ).

<* Source: gwslabs.com
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

Novell
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://support.novell.com/security-alerts