Heap-based Buffer Overflow in Citrix Presentation Server Client
CVE-2006-6334

Currently unrated

Key Information:

Vendor: Citrix
Status: Presentation Server Client
Vendor: CVE Published:; 8 December 2006

Summary

The heap-based buffer overflow vulnerability in the SendChannelData function of the Citrix Presentation Server Client allows attackers to exploit a flaw in the DataSize parameter. By submitting a value less than the actual length of the Data buffer, malicious remote websites can trigger an overflow condition, potentially leading to the execution of arbitrary code on the user's system. This vulnerability poses a significant risk, especially in environments relying on Citrix technologies for remote access.

References

http://secunia.com/advisories/23246

third-party-advisoryx_refsource_SECUNIA

http://securityreason.com/securityalert/1995

third-party-advisoryx_refsource_SREASON

http://www.vupen.com/english/advisories/2006/4865

vdb-entryx_refsource_VUPEN

EPSS Score

14% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 8, 2006
Vulnerability Reserved
Dec 6, 2006