{"api_version":"1","generated_at":"2026-04-23T04:08:49+00:00","cve":"CVE-2008-0356","urls":{"html":"https://cve.report/CVE-2008-0356","api":"https://cve.report/api/cve/CVE-2008-0356.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2008-0356","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2008-0356"},"summary":{"title":"CVE-2008-0356","description":"Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size value in a packet to TCP port 2512 or 2513.","state":"PUBLISHED","assigner":"mitre","published_at":"2008-01-18 22:00:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-119","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"10","severity":"","vector":"AV:N/AC:L/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://www.securitytracker.com/id?1019231","name":"http://www.securitytracker.com/id?1019231","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityTracker.com Archives - Citrix Presentation Server Buffer Overflow in IMA Service Lets Remote Users Execute Arbitrary Code","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2008/0172","name":"http://www.vupen.com/english/advisories/2008/0172","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://support.citrix.com/article/CTX114487","name":"http://support.citrix.com/article/CTX114487","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"CTX114487 - Vulnerability in Presentation Server's IMA Service could result in arbitrary code execution. - Citrix Knowledge Center","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/27329","name":"http://www.securityfocus.com/bid/27329","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Citrix Presentation Server IMA Service Buffer Overflow Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://zerodayinitiative.com/advisories/ZDI-08-002.html","name":"http://zerodayinitiative.com/advisories/ZDI-08-002.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Zero Day Initiative","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.kb.cert.org/vuls/id/412228","name":"http://www.kb.cert.org/vuls/id/412228","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["US Government Resource"],"title":"US-CERT Vulnerability Note VU#412228","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/486585/100/0/threaded","name":"http://www.securityfocus.com/archive/1/486585/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/28508","name":"http://secunia.com/advisories/28508","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Citrix Presentation Server IMA Service Buffer Overflow Vulnerability - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2008-0356","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-0356","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2008","cve_id":"356","vulnerable":"1","versionEndIncluding":"2.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"citrix","cpe5":"access_essentials","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"356","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"citrix","cpe5":"desktop_server","cpe6":"1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"356","vulnerable":"1","versionEndIncluding":"4.5","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"citrix","cpe5":"metaframe_presentation_server","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"356","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"citrix","cpe5":"presentation_server","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T07:39:35.209Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"20080117 ZDI-08-002: Citrix Presentation Server IMA Service Heap Overflow Vulnerability","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/486585/100/0/threaded"},{"name":"28508","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/28508"},{"name":"ADV-2008-0172","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2008/0172"},{"name":"VU#412228","tags":["third-party-advisory","x_refsource_CERT-VN","x_transferred"],"url":"http://www.kb.cert.org/vuls/id/412228"},{"name":"1019231","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1019231"},{"name":"27329","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/27329"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://zerodayinitiative.com/advisories/ZDI-08-002.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://support.citrix.com/article/CTX114487"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2008-01-17T00:00:00.000Z","descriptions":[{"lang":"en","value":"Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size value in a packet to TCP port 2512 or 2513."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-15T20:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"20080117 ZDI-08-002: Citrix Presentation Server IMA Service Heap Overflow Vulnerability","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/486585/100/0/threaded"},{"name":"28508","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/28508"},{"name":"ADV-2008-0172","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2008/0172"},{"name":"VU#412228","tags":["third-party-advisory","x_refsource_CERT-VN"],"url":"http://www.kb.cert.org/vuls/id/412228"},{"name":"1019231","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1019231"},{"name":"27329","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/27329"},{"tags":["x_refsource_MISC"],"url":"http://zerodayinitiative.com/advisories/ZDI-08-002.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://support.citrix.com/article/CTX114487"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2008-0356","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size value in a packet to TCP port 2512 or 2513."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"20080117 ZDI-08-002: Citrix Presentation Server IMA Service Heap Overflow Vulnerability","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/486585/100/0/threaded"},{"name":"28508","refsource":"SECUNIA","url":"http://secunia.com/advisories/28508"},{"name":"ADV-2008-0172","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2008/0172"},{"name":"VU#412228","refsource":"CERT-VN","url":"http://www.kb.cert.org/vuls/id/412228"},{"name":"1019231","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1019231"},{"name":"27329","refsource":"BID","url":"http://www.securityfocus.com/bid/27329"},{"name":"http://zerodayinitiative.com/advisories/ZDI-08-002.html","refsource":"MISC","url":"http://zerodayinitiative.com/advisories/ZDI-08-002.html"},{"name":"http://support.citrix.com/article/CTX114487","refsource":"CONFIRM","url":"http://support.citrix.com/article/CTX114487"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2008-0356","datePublished":"2008-01-18T21:00:00.000Z","dateReserved":"2008-01-18T00:00:00.000Z","dateUpdated":"2024-08-07T07:39:35.209Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2008-01-18 22:00:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-119","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:access_essentials:*:*:*:*:*:*:*:*","versionEndIncluding":"2.0","matchCriteriaId":"96365CE2-22BF-408E-939F-22FFABF63061"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:desktop_server:1.0:*:*:*:*:*:*:*","matchCriteriaId":"08AEEC3F-E8DD-4535-98D2-4CFD83439A69"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:metaframe_presentation_server:*:*:*:*:*:*:*:*","versionEndIncluding":"4.5","matchCriteriaId":"B612D535-0FED-49B5-85B7-7B33CC1EF320"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:presentation_server:*:*:*:*:*:*:*:*","matchCriteriaId":"2B22EE40-B6D5-4A1D-B6F5-48E14FB189AD"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2008","CveId":"356","Ordinal":"1","Title":"CVE-2008-0356","CVE":"CVE-2008-0356","Year":"2008"},"notes":[{"CveYear":"2008","CveId":"356","Ordinal":"1","NoteData":"Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size value in a packet to TCP port 2512 or 2513.","Type":"Description","Title":"CVE-2008-0356"},{"CveYear":"2008","CveId":"356","Ordinal":"2","NoteData":"2008-01-18","Type":"Other","Title":"Published"},{"CveYear":"2008","CveId":"356","Ordinal":"3","NoteData":"2018-10-15","Type":"Other","Title":"Modified"}]}}}