Lucene search

K
saintSAINT CorporationSAINT:DBD96DD8ACAE7113FBFBA9C5F9D0B88B
HistorySep 13, 2011 - 12:00 a.m.

Citrix Access Gateway NESPA ActiveX Control

2011-09-1300:00:00
SAINT Corporation
www.saintcorporation.com
8

0.964 High

EPSS

Percentile

99.6%

Added: 09/13/2011
CVE: CVE-2011-2882
BID: 48676
OSVDB: 74191

Background

Citrix Access Gateway is an application remote-access solution.

Problem

The Citrix Access Gateway installs an ActiveX plug-in on the user’s browser. Plug-in versions 8.1-67.7, 9.0-70.5, and 9.1-96.4 are vulnerable to a stack overflow.

Resolution

Upgrade the plug-in to the latest version.

References

<http://support.citrix.com/article/CTX129902&gt;

Limitations

This exploit has been tested against Citrix Systems Access Gateway Plug-in for Windows 8.0.59.1 on Windows XP SP3 English (DEP OptIn) and Windows Vista SP2 (DEP OptIn).

Platforms

Windows

0.964 High

EPSS

Percentile

99.6%