PT-2010-4463 · Citrix · Citrix Receiver For Windows Mobile+4
Published
2010-08-11
·
Updated
2018-10-10
·
CVE-2010-2990
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Citrix Online Plug-in for Windows for XenApp & XenDesktop versions prior to 11.2
Citrix Online Plug-in for Mac for XenApp & XenDesktop versions prior to 11.0
Citrix ICA Client for Linux versions prior to 11.100
Citrix ICA Client for Solaris versions prior to 8.63
Citrix Receiver for Windows Mobile versions prior to 11.5
Description
The issue allows remote attackers to execute arbitrary code via a crafted HTML document, a crafted .ICA file, or a crafted type field in an ICA graphics packet, related to a heap offset overflow issue.
Recommendations
For Citrix Online Plug-in for Windows for XenApp & XenDesktop versions prior to 11.2, update to version 11.2 or later.
For Citrix Online Plug-in for Mac for XenApp & XenDesktop versions prior to 11.0, update to version 11.0 or later.
For Citrix ICA Client for Linux versions prior to 11.100, update to version 11.100 or later.
For Citrix ICA Client for Solaris versions prior to 8.63, update to version 8.63 or later.
For Citrix Receiver for Windows Mobile versions prior to 11.5, update to version 11.5 or later.
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Citrix Ica Client For Linux
Citrix Ica Client For Solaris
Citrix Online Plug-In For Mac
Citrix Online Plug-In For Windows
Citrix Receiver For Windows Mobile