Update Protection against Novell iPrint Client ActiveX Control Stack Buffer Overflow Vulnerability
| Check Point Reference: | CPAI-2008-108 | |
| Date Published: | ||
| Severity: | ||
| Source: | Secunia Advisory: SA30709 | |
| Industry Reference(s): | CVE-2008-2908 | |
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? Novell iPrint Client prior to 4.36 | ||
| Vulnerability Description A stack buffer overflow vulnerability has been reported in Novell iPrint Client. Novell iPrint is an application that enables users to install and manage printers, or submit print job from a web browser. By convincing a user to visit a specially crafted Web page, a remote attacker may trigger this vulnerability to execute arbitrary code on an affected system. |
||
|
Update/Patch Available Update to version 4.36: Novell |
|
|
Vulnerability Details The vulnerability is due to a boundary error in a Novell iPrint ActiveX control. To trigger this issue, an attacker may create a malicious web page that will exploit this vulnerability. Successful exploitation may allow execution of arbitrary code on a vulnerable system. |
Protection Overview
By enabling this protection, SmartDefense will detect and block the vulnerable ActiveX Control. Depending on the traffic mix, activating this protection may result in performance degradation.
In order for the protection to be activated, update your VPN-1/InterSpect product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.