Description: A weakness has been reported in Citrix Presentation Server, which potentially can be exploited by malicious people to compromise a vulnerable system.
The problem is that published applications and potentially other applications can be launched when invoking an ICA connection to a Citrix Presentation Server. This can be exploited to e.g. launch published applications with specially crafted parameters on a Citrix Presentation Server when a user is tricked into visiting a malicious website or opening a malicious .ICA file.
Successful exploitation requires that the target user is authorized to execute the published application and that the Citrix Presentation Server is configured e.g. to allow parameters to be passed to published applications.
The weakness affects the following products:
* Access Essentials 1.0
* Citrix Access Essentials 1.5
* Citrix Access Essentials 2.0
* Citrix MetaFrame Presentation Server 3.0 for Microsoft Windows 2000
* Citrix MetaFrame Presentation Server 3.0 for Microsoft Windows 2003
* Citrix Presentation Server 4.0 for Microsoft Windows 2000
* Citrix Presentation Server 4.0 for Microsoft Windows 2003
* Citrix Presentation Server 4.0 x64 Edition
* Citrix Presentation Server 4.5 for Windows Server 2003
* Citrix Presentation Server 4.5 for Windows Server 2003 Feature Pack 1
* Citrix Presentation Server 4.5 for Windows Server 2003 x64 Edition
Solution: Apply Hotfix Rollup Pack 2 (see vendor's advisory for details).
Provided and/or discovered by: .ICA files launching published applications via the "InitialProgram" key originally reported by wirepair and recently discussed by pdp.
Extended Solution: The "Extended Solution" section is available for Secunia customers only. Request a trial and get access to the Secunia Customer Area and Extended Secunia advisories.
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
