Arbitrary Shortcut Creation Vulnerability in Citrix Program Neighborhood Agent for Win32
CVE-2004-1077

Currently unrated

Key Information:

Vendor: Citrix
Status: Metaframe Client; Program Neighborhood Agent
Vendor: CVE Published:; 26 April 2004

Summary

The Citrix Program Neighborhood Agent for Win32 and the MetaFrame Presentation Server client for WinCE are susceptible to a vulnerability that allows remote servers to create arbitrary shortcuts on a client's system. By exploiting the AppInStartmenu directive with a full UNC path, attackers can manipulate the client's start menu, potentially leading to further compromises of the system. This issue affects versions prior to 8.33 for WinCE and 8.00.24737 for Win32, necessitating immediate attention to update and patch the affected systems.

References

http://secunia.com/advisories/15108

third-party-advisoryx_refsource_SECUNIA

http://www.idefense.com/application/poi/display?id=237&ty...

third-party-advisoryx_refsource_IDEFENSE

http://support.citrix.com/kb/entry.jspa?externalID=CTX105650

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Nov 29, 2004
Vulnerability published
Apr 26, 2004