CVE-2010-3107

Sažetak

A certain ActiveX control in ienipp.ocx in the browser plugin in Novell iPrint Client before 5.42 does not properly restrict the set of files to be deleted, which allows remote attackers to cause a denial of service (recursive file deletion) via unspecified vectors related to a "logic flaw" in the CleanUploadFiles method in the nipplib.dll module.

Reference

http://download.novell.com/Download?buildid=ftwZBxEFjIg~
http://dvlabs.tippingpoint.com/advisory/TPTI-10-05
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12074

CVSS

Base:	7.1
Impact:	6.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:N/A:C

Zadnje važnije ažuriranje

19-09-2017 - 01:31

Objavljeno

23-08-2010 - 22:00