CVE-2007-0444
Citrix Metaframe Presentation Server Print Provider Buffer Overflow Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2) OpenPrinter functions.
Un desbordamiento de búfer en la región stack de la memoria en la biblioteca print provider (cpprov.dll) en Citrix Presentation Server versión 4.0, MetaFrame Presentation Server versión 3.0 y MetaFrame XP versión 1.0 permite a los usuarios locales y a los atacantes remotos ejecutar código arbitrario por medio de argumentos largos a las funciones (1) EnumPrintersW y (2) OpenPrinter.
This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of Citrix Presentation Server, Metaframe Presentation Server or MetaFrame XP. Authentication is not required to exploit this vulnerability.
The specific flaw exists in a print provider installed by the Presentation Server. The cpprov.dll library doesn't properly handle certain invalid calls to the EnumPrintersW() and OpenPrinter() functions. For example, passing a string of 130 or more characters in the first argument to the OpenPrinter() function results in a stack-based buffer overflow and can be leveraged to execute code in the context of the Spooler service, which runs as the privileged LocalSystem account.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-01-23 CVE Reserved
- 2007-01-24 CVE Published
- 2007-01-26 First Exploit
- 2023-10-21 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/32958 | Vdb Entry | |
| http://securitytracker.com/id?1017553 | Vdb Entry | |
| http://www.securityfocus.com/archive/1/458002/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/22217 | Vdb Entry | |
| http://www.securityfocus.com/data/vulnerabilities/exploits/testlpc.c | X_refsource_misc | |
| http://www.zerodayinitiative.com/advisories/ZDI-07-006.html | X_refsource_misc |
|
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/3204 | 2007-01-26 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/23869 | 2018-10-16 | |
| http://support.citrix.com/article/CTX111686 | 2018-10-16 | |
| http://www.vupen.com/english/advisories/2007/0328 | 2018-10-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Citrix Search vendor "Citrix" | Metaframe Search vendor "Citrix" for product "Metaframe" | 1.0 Search vendor "Citrix" for product "Metaframe" and version "1.0" | xp |
Affected
| ||||||
| Citrix Search vendor "Citrix" | Metaframe Presentation Server Search vendor "Citrix" for product "Metaframe Presentation Server" | 3.0 Search vendor "Citrix" for product "Metaframe Presentation Server" and version "3.0" | - |
Affected
| ||||||
| Citrix Search vendor "Citrix" | Metaframe Presentation Server Search vendor "Citrix" for product "Metaframe Presentation Server" | 4.0 Search vendor "Citrix" for product "Metaframe Presentation Server" and version "4.0" | - |
Affected
| ||||||