Remote Code Execution Vulnerability in Citrix XenApp and Receiver
CVE-2012-4603

7.8HIGH

Key Information:

Vendor
Citrix
Status
Receiver
Xenapp Online
Vendor
CVE Published:
10 January 2020

Summary

The Citrix XenApp Online Plug-in for Windows and Citrix Receiver for Windows are susceptible to a remote code execution vulnerability. This flaw allows attackers to execute arbitrary code on a target system by persuading users to open specially crafted files from a compromised SMB or WebDAV file server. Given its potential impact on user systems, it's crucial for organizations using these products to implement appropriate security measures and keep software updated.

References

http://www.securityfocus.com/bid/55518
vdb-entryx_refsource_BID
http://www.securitytracker.com/id?1027521
vdb-entryx_refsource_SECTRACK
http://www.securitytracker.com/id?1027522
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.