Lucene search

[email protected]NVD:CVE-2010-2991

HistoryAug 11, 2010 - 8:00 p.m.

CVE-2010-2991

2010-08-1120:00:01

CWE-94

[email protected]

web.nvd.nist.gov

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

High

0.1 Low

EPSS

Percentile

94.9%

JSON

The IICAClient interface in the ICAClient library in the ICA Client ActiveX Object (aka ICO) component in Citrix Online Plug-in for Windows for XenApp & XenDesktop before 12.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document that triggers the reading of a .ICA file.

Affected configurations

NVD

Node

citrixonline_plug-in_for_windows_for_xenapp_\&_xendesktopRange≤12.0

citrixonline_plug-in_for_windows_for_xenapp_\&_xendesktopMatch11.1

References

labs.idefense.com/intelligence/vulnerabilities/display.php?id=875

secunia.com/advisories/40819

secunia.com/advisories/40821

support.citrix.com/article/CTX125976

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

High

0.1 Low

EPSS

Percentile

94.9%

JSON

Related for NVD:CVE-2010-2991

cvelist1 cve1 prion1 nessus1