CVE-2006-6334
Citrix Presentation Server Client - 'WFICA.OCX' ActiveX Heap Buffer Overflow
Severity Score: 6.8 (CVSS v2)
Public Exploits: 3 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
Heap-based buffer overflow in the SendChannelData function in wfica.ocx in Citrix Presentation Server Client before 9.230 for Windows allows remote malicious web sites to execute arbitrary code via a DataSize parameter that is less than the length of the Data buffer.
Credits: N/A
Timeline
- 2006-12-06 CVE Reserved
- 2006-12-07 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2024-10-28 EPSS Updated
References (13)
URL | Tag
---|---
http://fortconsult.net/files/fortconsult.dk/citrix_advisory_dec2006.pdf | X_refsource_misc
http://securityreason.com/securityalert/1995 | Third Party Advisory
http://www.kb.cert.org/vuls/id/210969 | Third Party Advisory
http://www.securityfocus.com/archive/1/453760/100/0/threaded | Mailing List
http://www.vupen.com/english/advisories/2006/4865 | Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/30740 | Vdb Entry

URL | Date
---|---
https://www.exploit-db.com/exploits/5106 | 2024-08-07
http://support.citrix.com/article/CTX111827 | 2024-08-07
http://www.tippingpoint.com/security/advisories/TSRT-06-15.html | 2024-08-07
http://securitytracker.com/id?1017343 | 2018-10-17
http://www.citrix.com/English/SS/downloads/downloads.asp?dID=2755 | 2018-10-17
http://secunia.com/advisories/23246 | 2018-10-17
http://www.securityfocus.com/bid/21458 | 2018-10-17
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Citrix | Presentation Server Client | <= 9.200 | windows | Affected