Security update for Novell Client
TippingPoint has identified a security vulnerability in Novell Client that could allow a remote attacker to take control of a PC. The cause of the problem is a buffer overflow in the function EnumPrinter
in the printer spooler (NWSPOOL.DLL
). Specific RPC requests can provoke an overflow allowing an attacker to execute code and obtain system rights. Authentication is not required to exploit this vulnerability. Products affected are Novell Client 4.91 SP2, SP3 and SP4 for Windows 2000/XP/2003. The manufacturer has made an update available.
See also:
- Novell Client NWSPOOL.DLL EnumPrinters Stack Overflow Vulnerability, security advisory from TippingPoint.
(ehe)