PT-2004-2054 · Citrix · Citrix Program Neighborhood Agent+1

Published

2004-04-26

Updated

2008-09-05

CVE-2004-1078

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Citrix Program Neighborhood Agent for Win32 version 8.00.24737 and earlier Citrix MetaFrame Presentation Server client for WinCE versions prior to 8.33

Description: The issue is related to a stack-based buffer overflow that can be triggered by a long cached icon filename in the InName XML element. This allows remote attackers to execute arbitrary code.

Recommendations: For Citrix Program Neighborhood Agent for Win32 version 8.00.24737 and earlier, update to a version later than 8.00.24737. For Citrix MetaFrame Presentation Server client for WinCE versions prior to 8.33, update to version 8.33 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-1078

Affected Products

Citrix Metaframe Presentation Server

Citrix Program Neighborhood Agent

PT-2004-2054 · Citrix · Citrix Program Neighborhood Agent+1

CVE-2004-1078

Related Identifiers

Affected Products

References · 4