---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: Citrix Program Neighborhood Agent Two Vulnerabilities SECUNIA ADVISORY ID: SA15108 VERIFY ADVISORY: http://secunia.com/advisories/15108/ CRITICAL: Moderately critical IMPACT: System access WHERE: >From remote SOFTWARE: Citrix Program Neighborhood Agent 8.x http://secunia.com/product/4287/ DESCRIPTION: Two vulnerabilities have been reported in Citrix Program Neighborhood Agent, which can be exploited by malicious people to compromise a user's system. 1) An unspecified error can be exploited to cause a stack-based buffer overflow and may allow execution of arbitrary code. 2) An unspecified error allows arbitrary shortcuts to be created. Successful exploitation requires that the client has been configured to point to a malicious server. The following clients are affected: * Program Neighborhood Agent for Win32 * Citrix MetaFrame Presentation Server client for WinCE (versions including Program Neighborhood Agent) SOLUTION: The vulnerabilities have been addressed in the listed client versions below, which are available at: http://www.citrix.com/English/SS/downloads/downloads.asp?dID=2755 * Program Neighborhood Agent for Win32 versions 9.0 and later. * Citrix MetaFrame Presentation Server client for WinCE versions 8.33 and later. PROVIDED AND/OR DISCOVERED BY: The vendor credits iDEFENSE. ORIGINAL ADVISORY: Citrix: http://support.citrix.com/kb/entry.jspa?entryID=6156&categoryID=149 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------