CVE-2010-1527

Novell iPrint Client <5.44 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2010-1527. PoCs published by Trancer, Abysssec, including Metasploit module exploits/windows/browser/novelliprint_callbackurl.

AI-analyzed exploit summary This is a Metasploit module exploiting a stack-based buffer overflow in Novell iPrint Client ActiveX Control via an overly long 'call-back-url' parameter. It achieves remote code execution by leveraging heap spraying and shellcode injection.

Description

Stack-based buffer overflow in Novell iPrint Client before 5.44 allows remote attackers to execute arbitrary code via a long call-back-url parameter in an op-client-interface-version action.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Trancer · rubyremotewindows
https://www.exploit-db.com/exploits/15072

This is a Metasploit module exploiting a stack-based buffer overflow in Novell iPrint Client ActiveX Control via an overly long 'call-back-url' parameter. It achieves remote code execution by leveraging heap spraying and shellcode injection.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Novell iPrint Client 5.40, 5.42
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · ActiveX controls must be enabled in Internet Explorer
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Abysssec · pythonremotewindows
https://www.exploit-db.com/exploits/15042

This exploit targets a stack overflow vulnerability in the Novell iPrint Client Browser Plugin (CVE-2010-1527) by crafting a malicious HTML file with an oversized 'call-back-url' parameter. The payload includes shellcode designed to execute calc.exe via a heap spray technique.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Novell iPrint Client plugin v5.42
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · Novell iPrint Client plugin v5.42 must be installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/novelliprint_callbackurl.rb

This Metasploit module exploits a stack-based buffer overflow in the Novell iPrint Client ActiveX control (ienipp.ocx) via an overly long 'call-back-url' parameter. It delivers a payload through a malicious HTML page targeting vulnerable versions of the iPrint Client on Windows XP/Vista with IE 6/7.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Novell iPrint Client 5.40, 5.42 (ienipp.ocx)
No auth needed
Prerequisites: Victim must visit a malicious web page · ActiveX control must be enabled in IE · Target must use vulnerable iPrint Client version
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/61220
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/42576
Vendor Advisory x_refsource_misc
http://secunia.com/secunia_research/2010-104/
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11973
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/40805

Scores

EPSS 0.3599
EPSS Percentile 98.3%

Details

CWE
CWE-119
Status published
Products (15)
novell/iprint 4.26
novell/iprint 4.27
novell/iprint 4.28
novell/iprint 4.30
novell/iprint 4.32
novell/iprint 4.34
novell/iprint 4.36
novell/iprint 4.38
novell/iprint 5.04
novell/iprint 5.12
... and 5 more
Published Aug 23, 2010
Tracked Since Feb 18, 2026