Citrix Program Neighborhood Agent Two Vulnerabilities
Tuesday, 26 April 2005 by Michel Roth
Secunia Advisory: SA15108
Release Date: 2005-04-26


Critical:
Moderately critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


Software: Citrix Program Neighborhood Agent 8.x


Select a product and view a complete list of all Patched/Unpatched Secunia advisories affecting it.


Description:
Two vulnerabilities have been reported in Citrix Program Neighborhood Agent, which can be exploited by malicious people to compromise a user's system.

1) An unspecified error can be exploited to cause a stack-based buffer overflow and may allow execution of arbitrary code.

2) An unspecified error allows arbitrary shortcuts to be created.

Successful exploitation requires that the client has been configured to point to a malicious server.

The following clients are affected:
* Program Neighborhood Agent for Win32
* Citrix MetaFrame Presentation Server client for WinCE (versions including Program Neighborhood Agent)


Read the whole advisory at secunia.com.

Related Items:

Citrix Metaframe XP Unspecified Buffer Overflow Vulnerability (23 December 2004)
Zero Day Microsoft Word Unspecified Code Execution Vulnerability (20 May 2006)
Warning: 0-Day Microsoft XMLHTTP ActiveX Control Code Execution Vulnerability (6 November 2006)
VMware ESX Server Multiple Vulnerabilities (5 April 2007)
Vulnerability In Program Neighborhood Client Could Result In Arbitrary Code Execution (16 December 2005)
Firefox IDN URL Domain Name Buffer Overflow (13 September 2005)
Internet Explorer "object" Tag Memory Corruption Code Execution (26 April 2006)
0-Day Microsoft Word 2000 Unspecified Code Execution Vulnerability (5 September 2006)
0-Day Microsoft Excel Unspecified Code Execution Vulnerability (19 June 2006)
VMware NAT Networking Buffer Overflow Vulnerability (21 December 2005)
Comments (0)
Show/Hide comment form