PT-2020-7237 · Citrix · Citrix Receiver For Windows+1

Published

2020-01-10

Updated

2020-01-22

CVE-2012-4603

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Citrix XenApp Online Plug-in for Windows versions 12.1 and earlier Citrix Receiver for Windows versions 3.2 and earlier

Description The issue allows remote attackers to execute arbitrary code by convincing a target to open a specially crafted file from an SMB or WebDAV fileserver.

Recommendations For Citrix XenApp Online Plug-in for Windows versions 12.1 and earlier, update to a version later than 12.1. For Citrix Receiver for Windows versions 3.2 and earlier, update to a version later than 3.2.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2012-4603

Affected Products

Citrix Receiver For Windows

Citrix Xenapp Online Plug-In For Windows

PT-2020-7237 · Citrix · Citrix Receiver For Windows+1

CVE-2012-4603

Weakness Enumeration

Related Identifiers

Affected Products

References · 5