VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
CVE-2010-3107
iprint: A certain ActiveX control in ienipp.ocx in the brow...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3107

Original

A certain ActiveX control in ienipp.ocx in the browser plugin in Novell iPrint Client before 5.42 does not properly restrict the set of files to be deleted, which allows remote attackers to cause a denial of service (recursive file deletion) via unspecified vectors related to a "logic flaw" in the CleanUploadFiles method in the nipplib.dll module.

Translation   (Show)





About This Analysis Information
Analysis Information Provider:
NIST NVD
First Published:
2010-08-23
Source Information Category:
Advisory, Alert
Last Updated:
2010-08-24




Affected Product Tags
cpe:/a:novell:iprint:4.26
cpe:/a:novell:iprint:4.27
cpe:/a:novell:iprint:4.28
cpe:/a:novell:iprint:4.30
cpe:/a:novell:iprint:4.32
cpe:/a:novell:iprint:4.34
cpe:/a:novell:iprint:4.36
cpe:/a:novell:iprint:4.38
cpe:/a:novell:iprint:5.04
cpe:/a:novell:iprint:5.12
cpe:/a:novell:iprint:5.20b
cpe:/a:novell:iprint:5.30
cpe:/a:novell:iprint:5.32
cpe:/a:novell:iprint:5.40 and previous versions
 


Vulnerability Analysis Results
[Access Vector]  [?]
Undefined [?]

Local [?]
Adjacent Network [?]
X Network [?]
[Access Complexit]  [?]
Undefined [?]

High [?]
X Medium [?]
Low [?]
[Authentication]  [?]
Undefined [?]

Multiple [?]
Single [?]
X None [?]
[Confidentiality Impact]  [?]
Undefined [?]

X None [?]
Partial [?]
Complete [?]
[Integrity Impact]  [?]
Undefined [?]

X None [?]
Partial [?]
Complete [?]
[Availability Impact]  [?]
Undefined [?]

None [?]
Partial [?]
X Complete [?]
Alternatives




References
CONFIRM http://download.novell.com/Download?buildid=ftwZBxEFjIg~




MISC http://dvlabs.tippingpoint.com/advisory/TPTI-10-05




Vulnerability Type Permissions, Privileges, and Access Control (CWE-264)




Copyright © 2010 JPCERT/CC All Rights Reserved.