Citrix MetaFrame Web Client Access Restriction Bypass Vulnerability
BID:13081
Info
Citrix MetaFrame Web Client Access Restriction Bypass Vulnerability
| Bugtraq ID: | 13081 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 09 2005 12:00AM |
| Updated: | Apr 09 2005 12:00AM |
| Credit: | Discovery is credited to Ewerson "Guimarães" <[email protected]>. |
| Vulnerable: |
Citrix MetaFrame Web Client |
| Not Vulnerable: | |
Discussion
Citrix MetaFrame Web Client Access Restriction Bypass Vulnerability
A vulnerability affecting the application may allow an attacker to bypass restrictions and potentially launch restricted applications.
Apparently, an attacker with access to Microsoft Word can bypass restrictions by creating Word macros to launch arbitrary restricted applications.
All versions of Citrix MetaFrame Web Client are considered vulnerable at the moment.
Due to a lack of details, further information is not available at the moment. This BID will be updated when more information becomes available.
A vulnerability affecting the application may allow an attacker to bypass restrictions and potentially launch restricted applications.
Apparently, an attacker with access to Microsoft Word can bypass restrictions by creating Word macros to launch arbitrary restricted applications.
All versions of Citrix MetaFrame Web Client are considered vulnerable at the moment.
Due to a lack of details, further information is not available at the moment. This BID will be updated when more information becomes available.
Exploit / POC
Citrix MetaFrame Web Client Access Restriction Bypass Vulnerability
An exploit is not required.
An exploit is not required.
Solution / Fix
Citrix MetaFrame Web Client Access Restriction Bypass Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Citrix MetaFrame Web Client Access Restriction Bypass Vulnerability
References:
References:
- Citrix Homepage (Citrix)