Arbitrary Shortcut Creation Vulnerability in Citrix Program Neighborhood Agent for Win32
CVE-2004-1077

Currently unrated

Key Information:

Vendor
Citrix
Vendor
CVE Published:
26 April 2004

Summary

The Citrix Program Neighborhood Agent for Win32 and the MetaFrame Presentation Server client for WinCE are susceptible to a vulnerability that allows remote servers to create arbitrary shortcuts on a client's system. By exploiting the AppInStartmenu directive with a full UNC path, attackers can manipulate the client's start menu, potentially leading to further compromises of the system. This issue affects versions prior to 8.33 for WinCE and 8.00.24737 for Win32, necessitating immediate attention to update and patch the affected systems.

References

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.