BID:22762

Citrix Presentation Server Client Unspecified Remote Code Execution Vulnerability

Info

Citrix Presentation Server Client Unspecified Remote Code Execution Vulnerability

Bugtraq ID:	22762
Class:	Unknown
CVE:	CVE-2007-1196
Remote:	Yes
Local:	No
Published:	Mar 01 2007 12:00AM
Updated:	May 12 2015 07:34PM
Credit:	The vendor credits Karl Lynn of Juniper Networks.
Vulnerable:	Citrix Presentation Server Client 9.230 Citrix Presentation Server Client 9.200

Not Vulnerable:	Citrix Presentation Server Client 10.0

Discussion

Citrix Presentation Server Client Unspecified Remote Code Execution Vulnerability

Citrix Presentation Server Client is prone to an unspecified remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. This may lead to remote unauthorized access.

All versions prior to 10.0 for Microsoft Windows platforms are vulnerable.

Exploit / POC

Solution / Fix

Citrix Presentation Server Client Unspecified Remote Code Execution Vulnerability

Solution:
The vendor released version 10.0 to address this issue. Please see the references for more information.

Citrix Presentation Server Client 9.200

Citrix Citrix Presentation Server Clients - Version 10.0
http://www.citrix.com/English/SS/downloads/details.asp?dID=2755&downlo adID=164538&pID=186

Citrix Presentation Server Client 9.230

Citrix Citrix Presentation Server Clients - Version 10.0
http://www.citrix.com/English/SS/downloads/details.asp?dID=2755&downlo adID=164538&pID=186

References

Citrix Presentation Server Client Unspecified Remote Code Execution Vulnerability

References:

Citrix Homepage (Citrix)
Citrix Presentation Server Home Page (Citrix)
New Vulnerability Found in Citrix Presentation Server Client for Windows (Juniper Security Research Lab)
Vulnerability in Citrix Presentation Server Client for Windows could result in a (Citrix)
Vulnerability Note VU#798364 Citrix Presentation Server Client vulnerable to arb (US-CERT)