Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: XenApp and XenDesktop could result in Arbitrary Code Execution SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
XenApp and XenDesktop could result in Arbitrary Code Execution

Citrix has identified a vulnerability in the XenApp and XenDesktop which could potentially be exploited by sending a well crafted packet to the XML vulnerable component. The code will run with the privileges of the service.

Citrix has posted a list of versions vulnerable to this issue with the hotfixes available here.

[1] http://support.citrix.com/article/CTX129430
 

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

 

Guy

446 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!