SAINT CorporationSAINT:6051296DC95DEE02B1B68AEFC533CEFCCitrix Program Neighborhood name buffer overflow
0.23 Low
EPSS
Percentile
96.6%
Added: 02/01/2006
CVE: CVE-2005-3652
BID: 15907
OSVDB: 21816
Background
Citrix Presentation Server, formerly Citrix MetaFrame, allows applications to be deployed across a network to various client platforms, including Windows, Unix, Macintosh, DOS, and OS/2. The Program Neighborhood Agent running on the client is the interface to the application.
Problem
A buffer overflow occurs when the Citrix Program Neighborhood client processes Application Set responses containing a long name value.
Resolution
Upgrade to the fixed version referenced in Citrix document CTX108354.
References
<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=357>
Limitations
Exploit requires user to start the Citrix Neighorhood Client, choose “Add ICA connection”, select “TCP/IP” as the protocol, and click on the pull-down menu for applications names. Exploit works on Citrix Neighborhood client 9.0.
Platforms
Windows 2000
Windows XP
Related
