SAINT Corporation
SAINT:87A771851D0FA8030CFF2CC471972CE1
Sep 13, 2011 - 12:00 a.m.

Citrix Access Gateway NESPA ActiveX Control

my.saintcorporation.com

CVSS2: 9.3 High
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

EPSS: 0.964 High
Percentile: 99.6%

Added: 09/13/2011
CVE: CVE-2011-2882
BID: 48676
OSVDB: 74191

Background

Citrix Access Gateway is an application remote-access solution.

Problem

The Citrix Access Gateway installs an ActiveX plug-in on the user’s browser. Plug-in versions 8.1-67.7, 9.0-70.5, and 9.1-96.4 are vulnerable to a stack overflow.

Resolution

Upgrade the plug-in to the latest version.

References

<http://support.citrix.com/article/CTX129902>

Limitations

This exploit has been tested against Citrix Systems Access Gateway Plug-in for Windows 8.0.59.1 on Windows XP SP3 English (DEP OptIn) and Windows Vista SP2 (DEP OptIn).

Platforms

Windows
