Citrix Program Neighborhood Agent AppCache Buffer Overflow Vulnerability

Bugtraq ID:	13373
Class:	Boundary Condition Error
CVE:	CVE-2004-1078
Remote:	Yes
Local:	No
Published:	Apr 26 2005 12:00AM
Updated:	Jul 12 2009 02:06PM
Credit:	Discovery credited to Patrik Karlsson.
Vulnerable:	Citrix Program Neighborhood Agent for Win32 8.0 Citrix Metaframe Presentation Server client for WinCE 8.0
Not Vulnerable:

Citrix Program Neighborhood Agent AppCache Buffer Overflow Vulnerability

Citrix Program Neighborhood Agent is prone to a buffer overflow. Successful exploitation of this vulnerability could allow arbitrary code execution in the context of the application.

This issue was reported to affect Program Neighborhood Agent for Win32 and Citrix Metaframe Presentation Server client for WinCE.

Citrix Program Neighborhood Agent AppCache Buffer Overflow Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Citrix Program Neighborhood Agent AppCache Buffer Overflow Vulnerability

Solution:
Fixes are available:


Citrix Metaframe Presentation Server client for WinCE 8.0

• Citrix Client Updates
  http://www.citrix.com/English/SS/downloads/downloads.asp?dID=2755

Citrix Program Neighborhood Agent for Win32 8.0

• Citrix Client Updates
  http://www.citrix.com/English/SS/downloads/downloads.asp?dID=2755

Citrix Program Neighborhood Agent AppCache Buffer Overflow Vulnerability

References:

• Citrix Homepage (Citrix)
  
• CTX105650 Vulnerabilities in Program Neighborhood Agent could allow arbitrary c (Citrix)
  
• iDEFENSE Security Advisory 04.26.05: Citrix Program Neighborhood Agent Buffer Ov ("iDEFENSE Labs" )