CVE-2006-6334
Citrix Presentation Server Client - 'WFICA.OCX' ActiveX Heap Buffer Overflow
Public Exploits: 4
Exploited in Wild: -
Descriptions
Heap-based buffer overflow in the SendChannelData function in wfica.ocx in Citrix Presentation Server Client before 9.230 for Windows allows remote malicious web sites to execute arbitrary code via a DataSize parameter that is less than the length of the Data buffer.
Heap-based buffer overflow in the SendChannelData function in wfica.ocx in Citrix Presentation Server Client versions before 9.230 for Windows allows remote malicious web sites to execute code of their choice via a DataSize parameter that is less than the length of the Data buffer.
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Citrix Presentation Server Client for Windows versions below 9.230. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2006-12-06 CVE Reserved
- 2006-12-07 CVE Published
- 2008-02-13 First Exploit
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (14)
URL | Tag | Source |
---|---|---|
http://fortconsult.net/files/fortconsult.dk/citrix_advisory_dec2006.pdf | X_refsource_misc | |
http://securityreason.com/securityalert/1995 | Third Party Advisory | |
http://www.kb.cert.org/vuls/id/210969 | Third Party Advisory | |
http://www.securityfocus.com/archive/1/453760/100/0/threaded | Mailing List | |
http://www.vupen.com/english/advisories/2006/4865 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/30740 | Vdb Entry |
URL | Date | SRC |
---|---|---|
https://packetstorm.news/files/id/63580 | 2008-02-13 | |
https://www.exploit-db.com/exploits/5106 | 2024-08-07 | |
http://support.citrix.com/article/CTX111827 | 2024-08-07 | |
http://www.tippingpoint.com/security/advisories/TSRT-06-15.html | 2024-08-07 |
URL | Date | SRC |
---|---|---|
http://securitytracker.com/id?1017343 | 2018-10-17 | |
http://www.citrix.com/English/SS/downloads/downloads.asp?dID=2755 | 2018-10-17 |
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/23246 | 2018-10-17 | |
http://www.securityfocus.com/bid/21458 | 2018-10-17 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Citrix | Presentation Server Client | <= 9.200 | windows | Affected |