Heap-based Buffer Overflow in Citrix Presentation Server Client
CVE-2006-6334

Currently unrated

Key Information:

Vendor: Citrix
Status: Presentation Server Client
Vendor: CVE Published:; 8 December 2006

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 20%

What is CVE-2006-6334?

The heap-based buffer overflow vulnerability in the SendChannelData function of the Citrix Presentation Server Client allows attackers to exploit a flaw in the DataSize parameter. By submitting a value less than the actual length of the Data buffer, malicious remote websites can trigger an overflow condition, potentially leading to the execution of arbitrary code on the user's system. This vulnerability poses a significant risk, especially in environments relying on Citrix technologies for remote access.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2006-6334 - Proof of Concept

References

http://secunia.com/advisories/23246

third-party-advisoryx_refsource_SECUNIA

http://securityreason.com/securityalert/1995

third-party-advisoryx_refsource_SREASON

http://www.vupen.com/english/advisories/2006/4865

vdb-entryx_refsource_VUPEN

EPSS Score

20% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Dec 8, 2006
👾
Exploit known to exist
Dec 8, 2006
Vulnerability published
Dec 8, 2006
Vulnerability Reserved
Dec 6, 2006

CVE-2006-6334 Data

JSON