CVE-2012-4068

2012-07-2619:55:04

CWE-119

[email protected]

web.nvd.nist.gov

cve-2012-4068

citrix provisioning services

soapserver

buffer overflow

security vulnerability

nvd

remote code execution

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

High

0.173 Low

EPSS

Percentile

96.1%

JSON

Heap-based buffer overflow in the SoapServer service in Citrix Provisioning Services 5.0, 5.1, 5.6, 5.6 SP1, 6.0, and 6.1 allows remote attackers to execute arbitrary code via a crafted string associated with date and time data.

Affected configurations

NVD

Node

citrixprovisioning_servicesMatch5.0

citrixprovisioning_servicesMatch5.1

citrixprovisioning_servicesMatch5.6

citrixprovisioning_servicesMatch5.6sp1

citrixprovisioning_servicesMatch6.0

citrixprovisioning_servicesMatch6.1

CPENameOperatorVersion
citrix:provisioning_servicescitrix provisioning serviceseq5.0
citrix:provisioning_servicescitrix provisioning serviceseq5.1
citrix:provisioning_servicescitrix provisioning serviceseq5.6
citrix:provisioning_servicescitrix provisioning serviceseq6.0
citrix:provisioning_servicescitrix provisioning serviceseq6.1

CPE	Name	Operator	Version
citrix:provisioning_services	citrix provisioning services	eq	5.0
citrix:provisioning_services	citrix provisioning services	eq	5.1
citrix:provisioning_services	citrix provisioning services	eq	5.6
citrix:provisioning_services	citrix provisioning services	eq	6.0
citrix:provisioning_services	citrix provisioning services	eq	6.1