Citrix Presentation Server Client WFICA.OCX ActiveX Component Heap Buffer Overflow Vulnerability
BID:21458
Info
Citrix Presentation Server Client WFICA.OCX ActiveX Component Heap Buffer Overflow Vulnerability
| Bugtraq ID: | 21458 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2006-6334 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 06 2006 12:00AM |
| Updated: | Mar 26 2008 10:09PM |
| Credit: | The vendor credits Andrew Christensen of FortConsult and Aaron Portnoy of the TippingPoint Security Research Team. |
| Vulnerable: |
Citrix Presentation Server Client 9.200 |
| Not Vulnerable: |
Citrix Presentation Server Client 9.230 |
Discussion
Citrix Presentation Server Client WFICA.OCX ActiveX Component Heap Buffer Overflow Vulnerability
Citrix Presentation Server Client is prone to a heap buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.
Presentation Server Client 9.200 is vulnerable; other versions may also be affected.
Citrix Presentation Server Client is prone to a heap buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.
Presentation Server Client 9.200 is vulnerable; other versions may also be affected.
Exploit / POC
Citrix Presentation Server Client WFICA.OCX ActiveX Component Heap Buffer Overflow Vulnerability
An attacker may exploit this issue by enticing a victim into visiting a malicious webpage.
DSquare Security has developed a working commercial exploit for its D2 Exploitation Pack product. This exploit is not otherwise publicly available or known to be circulating in the wild.
UPDATE (March 26, 2008): The Symantec DeepSight Team has discovered active exploits in the wild.
The following exploit is available:
An attacker may exploit this issue by enticing a victim into visiting a malicious webpage.
DSquare Security has developed a working commercial exploit for its D2 Exploitation Pack product. This exploit is not otherwise publicly available or known to be circulating in the wild.
UPDATE (March 26, 2008): The Symantec DeepSight Team has discovered active exploits in the wild.
The following exploit is available:
Solution / Fix
Citrix Presentation Server Client WFICA.OCX ActiveX Component Heap Buffer Overflow Vulnerability
Solution:
The vendor released version 9.230 to address this issue. Please see the references for more information.
Citrix Presentation Server Client 9.200
Solution:
The vendor released version 9.230 to address this issue. Please see the references for more information.
Citrix Presentation Server Client 9.200
-
Citrix Citrix Presentation Server Client Package - Version 9.230
http://www.citrix.com/English/SS/downloads/details.asp?dID=2755&downlo adID=162299&pID=186
References
Citrix Presentation Server Client WFICA.OCX ActiveX Component Heap Buffer Overflow Vulnerability
References:
References:
- Citrix Homepage (Citrix)
- Citrix Presentation Server Home Page (Citrix)
- Vulnerability in Citrix Presentation Server Client for Windows could result in a (Citrix)
- FortConsult Citrix Advisory (FortConsult)