CVE-2008-0756

cyan soft cyanPrintIP and Opium OPI Server - Denial of Service via LPD Command 3 or 4

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0756. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary The provided text describes a format-string vulnerability and a denial-of-service vulnerability in multiple Cyan Soft products. The vulnerabilities allow arbitrary code execution or application termination due to insufficient input sanitization and improper handling of certain commands.

Description

The LPD server in cyan soft Opium OPI Server 4.10.1028 and earlier; cyanPrintIP Easy OPI, Professional, and Basic 4.10.1030 and earlier; Workstation 4.10.836 and earlier; and Standard 4.10.940 and earlier; allows remote attackers to cause a denial of service (daemon crash) via a connection that begins with (1) a "Send queue state" LPD command 3 or (2) a "Send queue state" LPD command 4.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Luigi Auriemma · textdosmultiple

https://www.exploit-db.com/exploits/31136

View Code ZIP pw:eip

The provided text describes a format-string vulnerability and a denial-of-service vulnerability in multiple Cyan Soft products. The vulnerabilities allow arbitrary code execution or application termination due to insufficient input sanitization and improper handling of certain commands.

Classification

Writeup 90%

Attack Type

Rce | Dos

Complexity

Moderate

Reliability

Theoretical

Target: Opium4 OPI Server 4.10.1028 and prior, cyanPrintIP Easy OPI 4.10.1030 and prior, cyanPrintIP Professional 4.10.1030 and prior, cyanPrintIP Workstation 4.10.836 and prior, cyanPrintIP Standard 4.10.940 and prior, cyanPrintIP Basic 4.10.1030 and prior

No auth needed

Prerequisites: Network access to the vulnerable application · Ability to send crafted input to the application

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →