CVE-2010-3106

Novell iPrint < 5.42 - Remote Code Execution via ienipp.ocx Debug Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2010-3106. PoCs published by Metasploit, Trancer, including Metasploit module exploits/windows/browser/novelliprint_executerequest_dbg.

AI-analyzed exploit summary This is a Metasploit module exploiting a stack-based buffer overflow in Novell iPrint Client ActiveX Control via the 'debug' parameter in ExecuteRequest(). It achieves remote code execution by sending an overly long string to the vulnerable parameter.

Description

The ienipp.ocx ActiveX control in the browser plugin in Novell iPrint Client before 5.42 does not properly validate the debug parameter, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a parameter value with a crafted length, related to the ExecuteRequest method.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16492

This is a Metasploit module exploiting a stack-based buffer overflow in Novell iPrint Client ActiveX Control via the 'debug' parameter in ExecuteRequest(). It achieves remote code execution by sending an overly long string to the vulnerable parameter.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Novell iPrint Client 5.32, 5.40
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · Novell iPrint Client ActiveX Control must be installed and enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Trancer · rubyremotewindows
https://www.exploit-db.com/exploits/15073

This is a Metasploit module exploiting a stack-based buffer overflow in Novell iPrint Client ActiveX Control via the 'debug' parameter in ExecuteRequest(). It delivers a payload through a crafted HTML page targeting vulnerable versions of the iPrint Client.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Novell iPrint Client 5.32, 5.40
No auth needed
Prerequisites: Victim must visit a malicious webpage using Internet Explorer with the vulnerable ActiveX control installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/novelliprint_executerequest_dbg.rb

This Metasploit module exploits a stack-based buffer overflow in the Novell iPrint Client ActiveX control by sending an overly long string to the 'debug' parameter in the ExecuteRequest() method, leading to arbitrary code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Novell iPrint Client 5.32, 5.40
No auth needed
Prerequisites: Victim must use Internet Explorer with the vulnerable Novell iPrint Client ActiveX control installed · Victim must visit a malicious webpage hosting the exploit
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12044

Scores

EPSS 0.3792
EPSS Percentile 98.4%

Details

CWE
CWE-20
Status published
Products (14)
novell/iprint 4.26
novell/iprint 4.27
novell/iprint 4.28
novell/iprint 4.30
novell/iprint 4.32
novell/iprint 4.34
novell/iprint 4.36
novell/iprint 4.38
novell/iprint 5.04
novell/iprint 5.12
... and 4 more
Published Aug 23, 2010
Tracked Since Feb 18, 2026