
Andrew Christensen

Rank: #18799 of 53,632
Total CVSS: 14.3
Vulnerabilities · 2
Medium: 1
High: 1

PT-2006-6946 · CVSS 6.8 · 2006-12-08
Citrix · Citrix Presentation Server Client · CVE-2006-6334

**Name of the Vulnerable Software and Affected Versions**
Citrix Presentation Server Client versions prior to 9.230 for Windows

**Description**
A heap-based buffer overflow issue exists in the SendChannelData function within wfica.ocx. This allows remote malicious websites to execute arbitrary code by manipulating the `DataSize` parameter to be less than the length of the `Data` buffer.

**Recommendations**
For versions prior to 9.230, update to version 9.230 or later to resolve the issue. As a temporary workaround, consider restricting access to the SendChannelData function until a patch is applied. Avoid using the `DataSize` parameter in the affected function with values less than the length of the `Data` buffer until the issue is resolved.

PT-2005-4091 · CVSS 7.5 · 2005-10-23
Hsqldb · Hsqldb · CVE-2005-3280

**Name of the Vulnerable Software and Affected Versions**
Paros version 3.2.5

**Description**
The issue allows remote attackers to gain privileges due to the use of a default password for the `sa` account in the underlying HSQLDB database and lack of access restriction to the local machine.

**Recommendations**
For Paros version 3.2.5, change the default password for the `sa` account in the HSQLDB database and restrict access to the local machine to prevent unauthorized access.