ActiveX Control Vulnerability in Citrix Access Gateway
CVE-2011-2883
Currently unrated
Summary
The NSEPA.NsepaCtrl.1 ActiveX control in the Citrix Access Gateway has a flaw in its DLL validation process: it checks only the certificate subject rather than the signature. A man-in-the-middle attacker can therefore execute arbitrary code by referencing malicious DLLs through specially crafted HTTP header data. This exposes systems to significant security risks if not properly mitigated.
References
Timeline
Vulnerability Reserved
Vulnerability published