Heap-based Buffer Overflow in Citrix MetaFrame Related to IMA Service
CVE-2006-5821

Currently unrated

Key Information:

Vendor: Citrix
CVE Published: 10 November 2006

Summary

A heap-based buffer overflow exists in the IMA_SECURE_DecryptData1 function in the ImaSystem.dll component of Citrix MetaFrame and Presentation Server products. Remote attackers can execute arbitrary code by sending specially crafted requests with invalid size values to the Independent Management Architecture (IMA) service (ImaSrv.exe). The overflow occurs during decryption and can compromise the integrity of systems running these Citrix products.

EPSS Score

9% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
