Citrix Access Gateway Multiple Vulnerabilities
Last Update Date: 2 Aug 2012 18:30
Release Date: 2 Aug 2012
RISK: High Risk
TYPE: Security software and application - Security Software & Appliance
Multiple vulnerabilities have been identified in Citrix Access Gateway.
- A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a buffer overflow in the Citrix Access Gateway Plug-in for Windows ActiveX control and execute arbitrary code on the target user's system. The code will run with the privileges of the target user.
  Note: Vendor patch is not available for this vulnerability.
- A remote user can view files on the target system, use the target system as an open proxy, and inject text content.
Impact
- Remote Code Execution
- Information Disclosure
- Data Manipulation
System / Technologies affected
- Citrix Access Gateway Plug-in for Windows 9.x
- Citrix nsepacom ActiveX Control 9.x
- Citrix Access Gateway versions 5.0.4 and prior versions
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- Vendor patch is not available for the first vulnerability.
- The vendor has issued a fix for the second vulnerability.
http://support.citrix.com/article/CTX133648
Vulnerability Identifier
Source
Related Link