Citrix Program Neighborhood name buffer overflow
Added: 02/01/2006CVE: CVE-2005-3652
BID: 15907
OSVDB: 21816
Background
Citrix Presentation Server, formerly Citrix MetaFrame, allows applications to be deployed across a network to various client platforms, including Windows, Unix, Macintosh, DOS, and OS/2. The Program Neighborhood Agent running on the client is the interface to the application.Problem
A buffer overflow occurs when the Citrix Program Neighborhood client processes Application Set responses containing a long name value.Resolution
Upgrade to the fixed version referenced in Citrix document CTX108354.References
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=357Limitations
Exploit requires user to start the Citrix Neighorhood Client, choose "Add ICA connection", select "TCP/IP" as the protocol, and click on the pull-down menu for applications names. Exploit works on Citrix Neighborhood client 9.0.Platforms
Windows 2000Windows XP
Back to exploit index