Arbitrary Shortcut Creation Vulnerability in Citrix Program Neighborhood Agent for Win32
CVE-2004-1077
Currently unrated
Key Information:
- Vendor
- Citrix
- Vendor
- CVE Published:
- 26 April 2004
Summary
The Citrix Program Neighborhood Agent for Win32 and the MetaFrame Presentation Server client for WinCE are susceptible to a vulnerability that allows remote servers to create arbitrary shortcuts on a client's system. By exploiting the AppInStartmenu directive with a full UNC path, attackers can manipulate the client's start menu, potentially leading to further compromises of the system. This issue affects versions prior to 8.33 for WinCE and 8.00.24737 for Win32, necessitating immediate attention to update and patch the affected systems.
References
Timeline
Vulnerability Reserved
Vulnerability published