SAINT Corporation
SAINT:8C575EC416EF2E6CD4E3AE6BC2F24758
Sep 13, 2011 - 12:00 a.m.

Citrix Access Gateway NESPA ActiveX Control

download.saintcorporation.com

CVSS2: 9.3 High

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.964 High
Percentile: 99.6%

Added: 09/13/2011
CVE: CVE-2011-2882
BID: 48676
OSVDB: 74191

Background

Citrix Access Gateway is an application remote-access solution.

Problem

The Citrix Access Gateway installs an ActiveX plug-in on the user’s browser. Plug-in versions 8.1-67.7, 9.0-70.5, and 9.1-96.4 are vulnerable to a stack overflow.

Resolution

Upgrade the plug-in to the latest version.

References

<http://support.citrix.com/article/CTX129902>

Limitations

This exploit has been tested against Citrix Systems Access Gateway Plug-in for Windows 8.0.59.1 on Windows XP SP3 English (DEP OptIn) and Windows Vista SP2 (DEP OptIn).

Platforms

Windows
