Citrix Access Gateway Multiple Vulnerabilities

Last Update Date: 2 Aug 2012 18:30

Release Date: 2 Aug 2012

RISK: High Risk

TYPE: Security software and application - Security Software & Appliance

Multiple vulnerabilities have been identified in Citrix Access Gateway.

  1. A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a buffer overflow in the Citrix Access Gateway Plug-in for Windows ActiveX control and execute arbitrary code on the target user's system. The code will run with the privileges of the target user.
    Note: A vendor patch is not available for this vulnerability.
  2. A remote user can view files on the target system, use the target system as an open proxy, and inject text content.

Impact

  • Remote Code Execution
  • Information Disclosure
  • Data Manipulation

System / Technologies affected

  • Citrix Access Gateway Plug-in for Windows 9.x
  • Citrix nsepacom ActiveX Control 9.x
  • Citrix Access Gateway versions 5.0.4 and prior versions

Solutions

Before installing the software, please visit the software manufacturer's website for more details.


Vulnerability Identifier


Source


Related Link