Key Information Vulnerability Overview Title: Security Vulnerability - Novell iPrint op-printer-list-all-jobs cookie Remote Code Execution Vulnerability Document ID: 7008731 Environment: Novell iPrint Client for Windows Vulnerability Details Context: A remote attacker can execute arbitrary code on a vulnerable installation of Novell iPrint Client. User interaction is required to exploit this vulnerability; the target must access a malicious page or open a malicious file. The vulnerability resides in the nipplib component, which is used by ActiveX and Netscape-compatible browser plugins. When processing the parameter in a user-specified , the process blindly copies user-supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this to execute arbitrary code in the context of the browser. Status: Security Alert Solution Fix: The fix for this security vulnerability is included in the released "iPrint Client for Windows XP/Vista/Win 7 5.64" patch, available for download at: https://download.novell.com/Download?buildId=6_bNby38ERg~ or in any subsequent versions. Additional Information CVE ID: CVE-2011-1708 Related Links: ZDI Advisory ZDI-11-180 http://www.zerodayinitiative.com/advisories/ZDI-11-180 Discoverer: Discovered by Ivan Rodriguez Almuina in collaboration with TippingPoint's Zero Day Initiative.