Heap Offset Overflow Vulnerability in Citrix Online Plug-in and Receiver
CVE-2010-2990

Currently unrated

Key Information:

Vendor: Citrix
Status: Online Plug-in For Windows For Xenapp \& Xendesktop; Ica Client For Solaris; Receiver For Windows Mobile; Online Plug-in For Mac For Xenapp \& Xendesktop
Vendor: CVE Published:; 11 August 2010

Summary

The vulnerability in Citrix products allows remote attackers to execute arbitrary code by leveraging a heap offset overflow issue. This can occur through a maliciously crafted HTML document, .ICA file, or a specially designed type field in an ICA graphics packet. Users of Citrix Online Plug-in for Windows, Mac, ICA Client for Linux and Solaris, and Citrix Receiver for Windows Mobile are particularly at risk if they do not update to the latest versions.

References

http://www.securityfocus.com/archive/1/512861/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://archives.neohapsis.com/archives/fulldisclosure/201...

mailing-listx_refsource_FULLDISC

http://support.citrix.com/article/CTX125975

x_refsource_CONFIRM

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 11, 2010
Vulnerability Reserved
Aug 11, 2010