CVE-2010-2990
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Citrix Online Plug-in for Windows for XenApp & XenDesktop before 11.2, Citrix Online Plug-in for Mac for XenApp & XenDesktop before 11.0, Citrix ICA Client for Linux before 11.100, Citrix ICA Client for Solaris before 8.63, and Citrix Receiver for Windows Mobile before 11.5 allow remote attackers to execute arbitrary code via (1) a crafted HTML document, (2) a crafted .ICA file, or (3) a crafted type field in an ICA graphics packet, related to a "heap offset overflow" issue.
Citrix Online Plug-in para Windows para XenApp & XenDesktop anterior v11.2, Citrix Online Plug-in para Mac para XenApp & XenDesktop anterior v11.0, Citrix ICA Client para Linux anterior v11.100, Citrix ICA Client para Solaris anterior v8.63, y Citrix Receiver para Windows Mobile before v11.5 permite a atacantes remotos ejecutar código de su elección a través de (1) un documento
HTML manipulado, (2) un fichero .ICA manipulado, o (3) un tipo de campo manipulado, en un paquete gráfico ICA, relacionado con el tema de "desbordamiento de pila offset".
CVSS Scores
SSVC
- Decision:-
Timeline
- 2010-08-11 CVE Reserved
- 2010-08-11 CVE Published
- 2024-04-03 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0040.html | Mailing List | |
| http://www.securityfocus.com/archive/1/512861/100/0/threaded | Mailing List |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://support.citrix.com/article/CTX125975 | 2018-10-10 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/40808 | 2018-10-10 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Citrix Search vendor "Citrix" | Ica Client For Linux Search vendor "Citrix" for product "Ica Client For Linux" | <= 11.0 Search vendor "Citrix" for product "Ica Client For Linux" and version " <= 11.0" | - |
Affected
| ||||||
| Citrix Search vendor "Citrix" | Ica Client For Solaris Search vendor "Citrix" for product "Ica Client For Solaris" | <= 8.62 Search vendor "Citrix" for product "Ica Client For Solaris" and version " <= 8.62" | - |
Affected
| ||||||
| Citrix Search vendor "Citrix" | Online Plug-in For Mac For Xenapp \& Xendesktop Search vendor "Citrix" for product "Online Plug-in For Mac For Xenapp \& Xendesktop" | <= 10.0 Search vendor "Citrix" for product "Online Plug-in For Mac For Xenapp \& Xendesktop" and version " <= 10.0" | - |
Affected
| ||||||
| Citrix Search vendor "Citrix" | Online Plug-in For Windows For Xenapp \& Xendesktop Search vendor "Citrix" for product "Online Plug-in For Windows For Xenapp \& Xendesktop" | <= 11.1 Search vendor "Citrix" for product "Online Plug-in For Windows For Xenapp \& Xendesktop" and version " <= 11.1" | - |
Affected
| ||||||
| Citrix Search vendor "Citrix" | Receiver For Windows Mobile Search vendor "Citrix" for product "Receiver For Windows Mobile" | <= 11.0 Search vendor "Citrix" for product "Receiver For Windows Mobile" and version " <= 11.0" | - |
Affected
| ||||||