Vulnerability In Program Neighborhood Client Could Result In Arbitrary Code Execution
Friday, 16 December 2005 by Michel Roth
The Citrix Program Neighborhood client supports a UDP-based application enumeration mechanism. If this mechanism is used to present the client with a very long application name, an implementation flaw in the client could cause an internal buffer to overflow. It is possible that this buffer overflow could be used to execute malicious code within the client process.

The following clients are affected by this issue:
• Citrix Program Neighborhood version 9.1 and earlier for 32-bit and 64-bit Windows

The Citrix Web client and the Citrix Program Neighborhood Agent client are not affected by this vulnerability.

Read CTX108354 here.
