9 results (0.008 seconds)

CVSS: 10.0EPSS: 6%CPEs: 8EXPL: 0

The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5, allows remote attackers to bypass network security policies and connect to arbitrary TCP ports via a modified address:port string. El Session Reliability Service (XTE) del Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0 y Access Essentials 1.0 y 1.5, permite a atacantes remotos evitar las políticas de seguridad de la red y conectarse a puertos TCP de su elección a través de una cadena address:port modificada. • http://fortconsult.net/files/fortconsult.dk/citrix_advisory.pdf http://secunia.com/advisories/25371 http://support.citrix.com/article/CTX112964 http://www.securitytracker.com/id?1018098 http://www.vupen.com/english/advisories/2007/1918 https://exchange.xforce.ibmcloud.com/vulnerabilities/34448 •

CVSS: 7.2EPSS: 1%CPEs: 3EXPL: 1

Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2) OpenPrinter functions. Un desbordamiento de búfer en la región stack de la memoria en la biblioteca print provider (cpprov.dll) en Citrix Presentation Server versión 4.0, MetaFrame Presentation Server versión 3.0 y MetaFrame XP versión 1.0 permite a los usuarios locales y a los atacantes remotos ejecutar código arbitrario por medio de argumentos largos a las funciones (1) EnumPrintersW y (2) OpenPrinter. This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of Citrix Presentation Server, Metaframe Presentation Server or MetaFrame XP. Authentication is not required to exploit this vulnerability. The specific flaw exists in a print provider installed by the Presentation Server. The cpprov.dll library doesn't properly handle certain invalid calls to the EnumPrintersW() and OpenPrinter() functions. • https://www.exploit-db.com/exploits/3204 http://osvdb.org/32958 http://secunia.com/advisories/23869 http://securitytracker.com/id?1017553 http://support.citrix.com/article/CTX111686 http://www.securityfocus.com/archive/1/458002/100/0/threaded http://www.securityfocus.com/bid/22217 http://www.securityfocus.com/data/vulnerabilities/exploits/testlpc.c http://www.vupen.com/english/advisories/2007/0328 http://www.zerodayinitiative.com/advisories/ZDI-07-006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 48%CPEs: 4EXPL: 0

The Independent Management Architecture (IMA) service (ImaSrv.exe) in Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to cause a denial of service (service exit) via a crafted packet that causes the service to access an unmapped memory address and triggers an unhandled exception. El servicio (ImaSrv.exe) del Independent Management Architecture (IMA) en el Citrix MetaFrame XP 1.0 y 2.0, and Presentation Server 3.0 y 4.0, permite a atacantes remotos provocar una denegación de servicio (salida del servicio) mediante un paquete manipulado que provoca que el servicio acceda a una dirección de memoria sin mapear y dispare una excepción inmanejable. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=441 http://secunia.com/advisories/22802 http://securitytracker.com/id?1017205 http://support.citrix.com/article/CTX111186 http://www.securityfocus.com/bid/20986 http://www.vupen.com/english/advisories/2006/4429 https://exchange.xforce.ibmcloud.com/vulnerabilities/30156 •

CVSS: 7.5EPSS: 36%CPEs: 5EXPL: 0

Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service (ImaSrv.exe) with invalid size values that trigger the overflow during decryption. Desbordamiento del búfer basado en montón en la función IMA_SECURE_DecryptData1 en la ImaSystem.dll para el Citrix MetaFrame XP 1.0 y 2.0, y Presentation Server 3.0 y 4.0, permite a atacantes remotos ejecutar código de su elección mediante una petición en el Independent Management Architecture (IMA) al servicio (ImaSrv.exe) con tamaños de valores no válidos que disparen el desbordamiento durante la desencriptación. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Citrix MetaFrame Presentation Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the routine IMA_SECURE_DecryptData1() defined in ImaSystem.dll and is reachable through the Independant Management Architecture (IMA) service (ImaSrv.exe) that listens on TCP port 2512 or 2513. The encryption scheme used is reversible and relies on several 32-bit fields indicating the size of the packet and the offsets to the authentication strings. • http://secunia.com/advisories/22802 http://securitytracker.com/id?1017205 http://support.citrix.com/article/CTX111186 http://www.securityfocus.com/archive/1/451337/100/100/threaded http://www.securityfocus.com/bid/20986 http://www.vupen.com/english/advisories/2006/4429 http://www.zerodayinitiative.com/advisories/ZDI-06-038.html https://exchange.xforce.ibmcloud.com/vulnerabilities/30148 •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

Citrix MetaFrame up to XP 1.0 Feature 1, except when running on Windows Server 2003, installs a registry key with an insecure ACL, which allows remote authenticated users to gain privileges. Citrix MetaFrame para XP 1.0 característica 1, excepto cuando funciona sobre Windows Server 2003, instala una llave de registro con un ACL no seguro, lo cual permite a usuarios remotos validos ganar privilegios. • http://secunia.com/advisories/21076 http://securitytracker.com/id?1016526 http://support.citrix.com/article/CTX110492 http://www.securityfocus.com/bid/19056 http://www.vupen.com/english/advisories/2006/2862 •