### Key Information #### Vulnerability Overview - **Title**: Security Vulnerability - Novell iPrint op-printer-list-all-jobs cookie Remote Code Execution Vulnerability - **Document ID**: 7008731 - **Environment**: Novell iPrint Client for Windows #### Vulnerability Details - **Context**: A remote attacker can execute arbitrary code on a vulnerable installation of Novell iPrint Client. User interaction is required to exploit this vulnerability; the target must access a malicious page or open a malicious file. The vulnerability resides in the nipplib component, which is used by ActiveX and Netscape-compatible browser plugins. When processing the `op-printer-list-all-jobs` parameter in a user-specified `printer-url`, the process blindly copies user-supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this to execute arbitrary code in the context of the browser. - **Status**: Security Alert #### Solution - **Fix**: The fix for this security vulnerability is included in the released "iPrint Client for Windows XP/Vista/Win 7 5.64" patch, available for download at: https://download.novell.com/Download?buildId=6_bNby38ERg~ or in any subsequent versions. #### Additional Information - **CVE ID**: CVE-2011-1708 - **Related Links**: ZDI Advisory ZDI-11-180 [http://www.zerodayinitiative.com/advisories/ZDI-11-180](http://www.zerodayinitiative.com/advisories/ZDI-11-180) - **Discoverer**: Discovered by Ivan Rodriguez Almuina in collaboration with TippingPoint's Zero Day Initiative.