CVE-2007-2850

Name of the Vulnerable Software and Affected Versions Citrix MetaFrame Presentation Server versions 3.0 through 4.0 Citrix Access Essentials versions 1.0 through 1.5

Description The issue allows remote attackers to bypass network security policies and connect to arbitrary TCP ports via a modified address:port string. This is related to the Session Reliability Service (XTE) in the affected Citrix products.

Recommendations For Citrix MetaFrame Presentation Server versions 3.0 through 4.0, restrict access to the Session Reliability Service (XTE) to minimize the risk of exploitation. For Citrix Access Essentials versions 1.0 through 1.5, consider disabling the Session Reliability Service (XTE) until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.