A vulnerability in an ActiveX control provided with the Citrix Presentation Server Client could allow a remote attacker to execute arbitrary code on an affected system.
The Citrix Presentation Server Client software provides an ActiveX control that can be used to integrate the client into Web pages. The Citrix ICA Client ActiveX control, which is provided by Wfica.ocx, contains a buffer overflow vulnerability in the SendChannelData() method.
Citrix notes that his vulnerability is present in all versions of the Citrix Presentation Server Client for Windows earlier than 9.230.
By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), a remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the user. The attacker could also cause Internet Explorer (or the program using the WebBrowser control) to crash.
Disable the affected ActiveX control in Internet Explorer
Thanks to Andrew Christensen of the FortConsult security research team for reporting this vulnerability. This issue was also independently reported by Aaron Portnoy of the TippingPoint Security Research Team.
This document was written by Chad R Dougherty.
|Date First Published:||2007-01-04|
|Date Last Updated:||2007-01-04 18:30 UTC|