Zero Day Initiative Advisory 10-139 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Novell iPrint Client browser plugin. User interaction is required in that a target must visit a malicious web page. The specific flaw exists within handling plugin parameters. The application does not properly verify the name of parameters passed via <embed> tags. If a malicious attacker provides a long enough value a destination buffer can be overflowed. Successful exploitation leads to execution of arbitrary code under the context of the user owning the browser process.
06fb9f5ae755ed44531d02c6e1da013e89f8a8c2ed7e4e4605ea10819226e153