Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:15323
HistoryDec 07, 2006 - 12:00 a.m.

TSRT-06-15: Citrix Presentation Server Client ActiveX Heap Overflow Vulnerability

2006-12-0700:00:00
vulners.com
4
JSON

TSRT-06-15: Citrix Presentation Server Client ActiveX Heap Overflow
Vulnerability
http://www.tippingpoint.com/security/advisories/TSRT-06-15.html
December 6, 2006

– CVE ID:
CVE-2006-6334

– Affected Vendor:
Citrix

– Affected Products:
Citrix Presentation Server Client for Windows < v9.230

– TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability since February 2006 by a pre-existing Digital Vaccine
protection filter ID 4163. For further product information on the
TippingPoint IPS:

http://www.tippingpoint.com

– Vulnerability Details:
This vulnerability allows attackers to execute arbitrary code on
vulnerable installations of Citrix Presentation Server Client for
Windows. User interaction is required to exploit this vulnerability in
that the target must visit a malicious page.

The specific flaw resides in the SendChannelData function of the
ActiveX control Wfica.ocx (CLSID 238F6F83-B8B4-11CF-8771-00A024541EE3).
The function is prototyped as follows:

SendChannelData&#40;ChannelName As String,
    Data As String,
    DataSize As Long,
    DataType As ICAVCDataType&#41;

Specifying an undersized buffer length as the 'DataSize' parameter and
supplying a large buffer as the 'Data' parameter results in an
exploitable heap corruption.

– Vendor Response:
Citrix has issued an update to correct this vulnerability. More details
can be found at:

http://support.citrix.com/article/CTX111827

– Disclosure Timeline:
2006.02.01 - Pre-existing Digital Vaccine released to TippingPoint
customers
2006.09.19 - Vulnerability reported to vendor
2006.12.06 - Coordinated public release of advisory

– Credit:
This vulnerability was discovered by Aaron Portnoy, TippingPoint Security
Research Team.

Related

seebug 3
cve 1
checkpoint_advisories 1
exploitdb 2
d2 1
exploitpack 1
packetstorm 1
cert 1
seebug
seebug
Citrix Presentation Server Client WFICA.OCX ActiveX - Heap BOF Exploit
2014-07-01 00:00:00
Citrix Presentation Server Client WFICA.OCX ActiveX Heap BOF Exploit
2008-02-14 00:00:00
Citrix Presentation Server Client 9.200 WFICA.OCX ActiveX Component Heap Buffer Overflow Vulnerability
2014-07-01 00:00:00
cve
cve
CVE-2006-6334
2006-12-08 01:28:00
checkpoint_advisories
checkpoint_advisories
Citrix Presentation Server Client wfica.ocx Buffer Overflow (CVE-2006-6334)
2007-01-14 00:00:00
exploitdb
exploitdb
Citrix Presentation Server Client 9.200 - WFICA.OCX ActiveX Component Heap Buffer Overflow Vulnerability
2006-12-06 00:00:00
Citrix Presentation Server Client - &#039;WFICA.OCX&#039; ActiveX Heap Buffer Overflow
2008-02-12 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_WFICA
2006-12-08 01:28:00
exploitpack
exploitpack
Citrix Presentation Server Client - WFICA.OCX ActiveX Heap Buffer Overflow
2008-02-12 00:00:00
packetstorm
packetstorm
citrix-overflow.txt
2008-02-13 00:00:00
cert
cert
Citrix ICA Client ActiveX control buffer overflow
2007-01-04 00:00:00
JSON
Related for SECURITYVULNS:DOC:15323
seebug3cve1checkpoint_advisories1exploitdb2d21exploitpack1packetstorm1cert1