Citrix Provisioning Services dynamically provisions virtual servers to simplify and streamline server management, while reducing software rollout risk.
Citrix Provisioning Services versions up to and including 5.6 Service Pack 1 are vulnerable to remote code execution as a result of an integer underflow. An attacker could exploit this vulnerability by sending a specially crafted packet to the Provisioning Services server on UDP port 6905.
Apply the appropriate hotfix as described in Citrix Knowledge Base Document CTX130846.
This exploit has been tested against Citrix Systems Provisioning Services 5.6 SP1 on Microsoft Windows Server 2003 SP2 English (DEP OptOut).