Citrix Program Neighborhood Agent Two Vulnerabilities

Secunia Advisory: SA15108
Release Date: 2005-04-26
Last Update: 2005-10-20
Popularity: 14,361 views
Critical: Moderately critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Citrix Program Neighborhood Agent 8.x

Description: Patrik Karlsson has reported two vulnerabilities in Citrix Program Neighborhood Agent, which can be exploited by malicious people to compromise a user's system.
1) A boundary error in the caching of information received from servers can be exploited to cause a stack-based buffer overflow and execute arbitrary code on a client system.
2) A design error allows arbitrary shortcuts to be created on a client system with the privileges of the logged-in user. This can be exploited to e.g. execute arbitrary programs the next time a user logs in, by placing a shortcut in the Startup folder.
Successful exploitation requires that the client has been configured to point to a malicious server.
The following clients are affected:
* Program Neighborhood Agent for Win32
* Citrix MetaFrame Presentation Server client for WinCE (versions including Program Neighborhood Agent)

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.