CVE-2010-3106 (GCVE-0-2010-3106)
Vulnerability from cvelistv5
Published
2010-08-23 20:00
Modified
2024-08-07 02:55
Severity ?
CWE
  • n/a
Summary
The ienipp.ocx ActiveX control in the browser plugin in Novell iPrint Client before 5.42 does not properly validate the debug parameter, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a parameter value with a crafted length, related to the ExecuteRequest method.
References
cve@mitre.orghttp://download.novell.com/Download?buildid=ftwZBxEFjIg~Patch
cve@mitre.orghttp://dvlabs.tippingpoint.com/advisory/TPTI-10-06Patch
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12044
af854a3a-2127-422b-91ae-364da2661108http://download.novell.com/Download?buildid=ftwZBxEFjIg~Patch
af854a3a-2127-422b-91ae-364da2661108http://dvlabs.tippingpoint.com/advisory/TPTI-10-06Patch
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12044
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:55:46.678Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-06"
          },
          {
            "name": "oval:org.mitre.oval:def:12044",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12044"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://download.novell.com/Download?buildid=ftwZBxEFjIg~"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-07-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ienipp.ocx ActiveX control in the browser plugin in Novell iPrint Client before 5.42 does not properly validate the debug parameter, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a parameter value with a crafted length, related to the ExecuteRequest method."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-06"
        },
        {
          "name": "oval:org.mitre.oval:def:12044",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12044"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://download.novell.com/Download?buildid=ftwZBxEFjIg~"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-3106",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The ienipp.ocx ActiveX control in the browser plugin in Novell iPrint Client before 5.42 does not properly validate the debug parameter, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a parameter value with a crafted length, related to the ExecuteRequest method."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-06",
              "refsource": "MISC",
              "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-06"
            },
            {
              "name": "oval:org.mitre.oval:def:12044",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12044"
            },
            {
              "name": "http://download.novell.com/Download?buildid=ftwZBxEFjIg~",
              "refsource": "CONFIRM",
              "url": "http://download.novell.com/Download?buildid=ftwZBxEFjIg~"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-3106",
    "datePublished": "2010-08-23T20:00:00",
    "dateReserved": "2010-08-23T00:00:00",
    "dateUpdated": "2024-08-07T02:55:46.678Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-3106\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2010-08-23T22:00:03.393\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The ienipp.ocx ActiveX control in the browser plugin in Novell iPrint Client before 5.42 does not properly validate the debug parameter, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a parameter value with a crafted length, related to the ExecuteRequest method.\"},{\"lang\":\"es\",\"value\":\"El control ActiveX ienipp.ocx en el plugin para el navegador en el cliente de Novell iPrint antes de v5.42 no valida correctamente el par\u00e1metro debug, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (por corrupci\u00f3n de memoria de pila) a trav\u00e9s de un par\u00e1metro value con una longitud modificada a mano. Se trata de una vulnerabilidad relacionada con el m\u00e9todo ExecuteRequest.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:iprint:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.40\",\"matchCriteriaId\":\"583C6EB4-A372-4B15-8B3A-09A0D778ECA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:iprint:4.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3332CB43-D2ED-4720-8ED4-AE222C6F7FF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:iprint:4.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9AD9057-2218-481E-96CB-BF568AD3A9F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:iprint:4.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D044326-00CB-4158-A652-7D7FBDB380C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:iprint:4.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BDA0CD3-3E49-42E9-8D41-2B93FEE53610\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:iprint:4.32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AAB01661-76E1-4181-A798-6325EFD681FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:iprint:4.34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16769BC0-66AE-4AA3-B504-03389717A56D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:iprint:4.36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25B2994C-8E01-4E7B-A5CA-9F9BE4C634C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:iprint:4.38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCCA90D8-A320-43B0-A667-DAFC0D00924F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:iprint:5.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F12CAA5-6C37-4FBA-BA41-03C7F81AE6BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:iprint:5.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCA3CFFD-8D4B-4BEC-934A-7E5D18F87807\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:iprint:5.20b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2A31E77-BFE6-4F54-9839-8323F8E4995E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:iprint:5.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E8EC466-1CA2-4D8E-8D3F-F1246DC1850B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:iprint:5.32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27533465-909A-4300-A713-36924FB330CA\"}]}]}],\"references\":[{\"url\":\"http://download.novell.com/Download?buildid=ftwZBxEFjIg~\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://dvlabs.tippingpoint.com/advisory/TPTI-10-06\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12044\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://download.novell.com/Download?buildid=ftwZBxEFjIg~\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://dvlabs.tippingpoint.com/advisory/TPTI-10-06\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12044\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.