Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: InfoSec Handlers Diary Blog - XenApp and XenDesktop could result in Arbitrary Code Execution InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

XenApp and XenDesktop could result in Arbitrary Code Execution

Published: 2011-07-28
Last Updated: 2011-07-28 00:20:56 UTC
by Guy Bruneau (Version: 1)
0 comment(s)

Citrix has identified a vulnerability in the XenApp and XenDesktop which could potentially be exploited by sending a well crafted packet to the XML vulnerable component. The code will run with the privileges of the service.

Citrix has posted a list of versions vulnerable to this issue with the hotfixes available here.

[1] http://support.citrix.com/article/CTX129430
 

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

 

0 comment(s)
Diary Archives