----------------------------------------------------------------------

To improve our services to our customers, we have made a number of
additions to the Secunia Advisories and have started translating the
advisories to German.

The improvements will help our customers to get a better understanding
of how we reached our conclusions, how the vulnerability was rated, our
thoughts on exploitation, attack vectors, and scenarios.

This includes:
* Reason for rating
* Extended description
* Extended solution
* Exploit code or links to exploit code
* Deep links

Read the full description:
http://corporate.secunia.com/products/48/?r=l

Contact Secunia Sales for more information:
http://corporate.secunia.com/how_to_buy/15/?r=l

----------------------------------------------------------------------

TITLE:
Citrix ICA Client ActiveX Control Heap Overflow Vulnerability

SECUNIA ADVISORY ID:
SA23246

VERIFY ADVISORY:
http://secunia.com/advisories/23246/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Citrix Presentation Server Client 9.x
http://secunia.com/product/7916/

DESCRIPTION:
A vulnerability has been discovered in Citrix Presentation Server
Client, which can be exploited by malicious people to compromise a
user's system.

The vulnerability is caused due to a boundary error within the
"SendChannelData()" method in the ICA Client ActiveX control component
(WFICA.OCX). This can be exploited to cause a heap-based buffer
overflow by e.g. setting the "DataSize" and "DataType" parameters to
"1" and passing an overly long string in the "Data" parameter.

Successful exploitation allows execution of arbitrary code when a user
e.g. visits a malicious website.

The vulnerability is confirmed in version 9.200.44376.0 included in
the Citrix Presentation Server Client Package version 9.200. Other
versions may also be affected.

SOLUTION:
Update to version 9.230 or later.

PROVIDED AND/OR DISCOVERED BY:
Andrew Christensen, FortConsult.

The vendor also credits TippingPoint and the Zero Day Initiative.

ORIGINAL ADVISORY:
Citrix:
http://support.citrix.com/article/CTX111827

FortConsult:
http://www.fortconsult.net/images/pdf/citrix_advisory_dec2006.pdf

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------