ActiveX Control Vulnerability in Citrix Access Gateway
CVE-2011-2883

Currently unrated

Key Information:

Vendor
Citrix
Vendor
CVE Published:
21 July 2011

Summary

The NSEPA.NsepaCtrl.1 ActiveX control in the Citrix Access Gateway allows attackers to exploit a flaw in the DLL validation process. By checking only the certificate subject rather than the signature, it becomes possible for a man-in-the-middle attacker to execute arbitrary code by referencing malicious DLLs through specially crafted HTTP header data. This exposes systems to significant security risks if not properly mitigated.

References

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.