Stack-based Buffer Overflow in Citrix Access Gateway ActiveX Control
CVE-2011-2882

Currently unrated

Key Information:

Vendor: Citrix
Status: Access Gateway
Vendor: CVE Published:; 21 July 2011

What is CVE-2011-2882?

A stack-based buffer overflow vulnerability exists in the NSEPA.NsepaCtrl.1 ActiveX control included in Citrix Access Gateway Enterprise Edition. This flaw allows remote attackers to exploit crafted HTTP header data to execute arbitrary code on affected systems. Key versions susceptible to this vulnerability include notable releases prior to specific build numbers, emphasizing the necessity for timely updates to safeguard against potential exploitation.

References

http://securityreason.com/securityalert/8358

third-party-advisoryx_refsource_SREASON

http://labs.idefense.com/intelligence/vulnerabilities/dis...

third-party-advisoryx_refsource_IDEFENSE

EPSS Score

75% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 21, 2011
Vulnerability Reserved
Jul 21, 2011