CVE-2006-5821

Currently unrated

Key Information:

Vendor: Citrix
Status: Metaframe Presentation Server; Metaframe
Vendor: CVE Published:; 10 November 2006

Summary

Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service (ImaSrv.exe) with invalid size values that trigger the overflow during decryption.

References

http://www.securityfocus.com/archive/1/451337/100/100/thr...

mailing-listx_refsource_BUGTRAQ

http://www.zerodayinitiative.com/advisories/ZDI-06-038.html

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/30148

vdb-entryx_refsource_XF

EPSS Score

52% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 10, 2006
Vulnerability Reserved
Nov 8, 2006

Collectors

NVD DatabaseMitre Database