CVE-2011-2592

Name of the Vulnerable Software and Affected Versions Citrix Access Gateway Enterprise Edition Plug-in for Windows versions 9.x before 9.3-57.5 Citrix Access Gateway Enterprise Edition Plug-in for Windows versions 10.0 before 10.0-69.4

Description The issue is related to a heap-based buffer overflow in the StartEpa method of the nsepacom ActiveX control. This allows remote attackers to execute arbitrary code via a long CSEC HTTP response header.

Recommendations For versions 9.x before 9.3-57.5, update to version 9.3-57.5 or later. For versions 10.0 before 10.0-69.4, update to version 10.0-69.4 or later.