Skip to main content

Citrix Access Gateway Multiple Vulnerabilities

Last Update Date: 2 Aug 2012 18:30 Release Date: 2 Aug 2012 5148 Views

RISK: High Risk

TYPE: Security software and application - Security Software & Appliance

TYPE: Security Software & Appliance

Multiple vulnerabilities have been identified in Citrix Access Gateway.

  1. A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a buffer overflow in the Citrix Access Gateway Plug-in for Windows ActiveX control and execute arbitrary code on the target user's system. The code will run with the privileges of the target user.
    Note: Vendor patch is not available for this vulnerability.
  2. A remote user can view files on the target system, use the target system as an open proxy, and inject text content.

Impact

  • Remote Code Execution
  • Information Disclosure
  • Data Manipulation

System / Technologies affected

  • Citrix Access Gateway Plug-in for Windows 9.x
  • Citrix nsepacom ActiveX Control 9.x
  • Citrix Access Gateway versions 5.0.4 and prior versions

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.


Vulnerability Identifier


Source


Related Link