CVE-2010-2990

 

  • Severity Score: 9.3 (CVSS v2)
  • Exploit Likelihood (EPSS)
  • Affected Versions (CPE)
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

Citrix Online Plug-in for Windows for XenApp & XenDesktop before 11.2, Citrix Online Plug-in for Mac for XenApp & XenDesktop before 11.0, Citrix ICA Client for Linux before 11.100, Citrix ICA Client for Solaris before 8.63, and Citrix Receiver for Windows Mobile before 11.5 allow remote attackers to execute arbitrary code via (1) a crafted HTML document, (2) a crafted .ICA file, or (3) a crafted type field in an ICA graphics packet, related to a "heap offset overflow" issue.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: Complete
  • Integrity: Complete
  • Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2010-08-11 CVE Reserved
  • 2010-08-11 CVE Published
  • 2024-04-03 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|--------|---------|---------|-------|--------|
| Citrix | Ica Client For Linux | <= 11.0 | - | Affected |
| Citrix | Ica Client For Solaris | <= 8.62 | - | Affected |
| Citrix | Online Plug-in For Mac For Xenapp & Xendesktop | <= 10.0 | - | Affected |
| Citrix | Online Plug-in For Windows For Xenapp & Xendesktop | <= 11.1 | - | Affected |
| Citrix | Receiver For Windows Mobile | <= 11.0 | - | Affected |