PT-2006-6946 · Citrix · Citrix Presentation Server Client

Aaron Portnoy +1

Published: 2006-12-08
Updated: 2018-10-17

CVE-2006-6334

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Citrix Presentation Server Client versions prior to 9.230 for Windows

Description

A heap-based buffer overflow issue exists in the SendChannelData function within wfica.ocx. This allows remote malicious websites to execute arbitrary code by manipulating the DataSize parameter to be less than the length of the Data buffer.

Recommendations

For versions prior to 9.230, update to version 9.230 or later to resolve the issue. As a temporary workaround, consider restricting access to the SendChannelData function until a patch is applied. Avoid using the DataSize parameter in the affected function with values less than the length of the Data buffer until the issue is resolved.


Related identifiers

CVE-2006-6334

Affected products

Citrix Presentation Server Client