Heap-based Buffer Overflow in Citrix MetaFrame Related to IMA Service
CVE-2006-5821

Currently unrated

Key Information:

Vendor: Citrix
Status: Metaframe Presentation Server; Metaframe
Vendor: CVE Published:; 10 November 2006

Summary

A heap-based buffer overflow vulnerability exists in the IMA_SECURE_DecryptData1 function within the ImaSystem.dll component of Citrix MetaFrame and Presentation Server products. This flaw allows remote attackers to execute arbitrary code by sending specially crafted requests with invalid size values to the Independent Management Architecture (IMA) service (ImaSrv.exe). When triggered, this overflow occurs during decryption processes, potentially compromising the integrity of systems utilizing these Citrix products.

References

http://www.securityfocus.com/archive/1/451337/100/100/thr...

mailing-listx_refsource_BUGTRAQ

http://www.zerodayinitiative.com/advisories/ZDI-06-038.html

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/30148

vdb-entryx_refsource_XF

EPSS Score

9% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 10, 2006
Vulnerability Reserved
Nov 8, 2006