CVE-2011-2593

Name of the Vulnerable Software and Affected Versions Citrix Access Gateway Enterprise Edition Plug-in for Windows versions 9.x before 9.3-57.5 Citrix Access Gateway Enterprise Edition Plug-in for Windows versions 10.0 before 10.0-69.4

Description The issue is related to an integer overflow in the StartEpa method within the nsepacom ActiveX control. This can be exploited by remote attackers through a crafted Content-Length HTTP header, leading to a heap-based buffer overflow and potentially allowing the execution of arbitrary code.

Recommendations For versions 9.x before 9.3-57.5, update to version 9.3-57.5 or later. For versions 10.0 before 10.0-69.4, update to version 10.0-69.4 or later.