ActiveX Control Vulnerability in Citrix Access Gateway
CVE-2011-2883

Currently unrated

Key Information:

Vendor: Citrix
Status: Access Gateway
Vendor: CVE Published:; 21 July 2011

Summary

The NSEPA.NsepaCtrl.1 ActiveX control in the Citrix Access Gateway allows attackers to exploit a flaw in the DLL validation process. By checking only the certificate subject rather than the signature, it becomes possible for a man-in-the-middle attacker to execute arbitrary code by referencing malicious DLLs through specially crafted HTTP header data. This exposes systems to significant security risks if not properly mitigated.

References

http://labs.idefense.com/intelligence/vulnerabilities/dis...

third-party-advisoryx_refsource_IDEFENSE

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jul 21, 2011