7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.23 Low
EPSS
Percentile
96.6%
Added: 02/01/2006
CVE: CVE-2005-3652
BID: 15907
OSVDB: 21816
Citrix Presentation Server, formerly Citrix MetaFrame, allows applications to be deployed across a network to various client platforms, including Windows, Unix, Macintosh, DOS, and OS/2. The Program Neighborhood Agent running on the client is the interface to the application.
A buffer overflow occurs when the Citrix Program Neighborhood client processes Application Set responses containing a long name value.
Upgrade to the fixed version referenced in Citrix document CTX108354.
<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=357>
Exploit requires user to start the Citrix Neighorhood Client, choose “Add ICA connection”, select “TCP/IP” as the protocol, and click on the pull-down menu for applications names. Exploit works on Citrix Neighborhood client 9.0.
Windows 2000
Windows XP