Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: XenApp and XenDesktop could result in Arbitrary Code Execution SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
XenApp and XenDesktop could result in Arbitrary Code Execution

Citrix has identified a vulnerability in the XenApp and XenDesktop which could potentially be exploited by sending a well crafted packet to the XML vulnerable component. The code will run with the privileges of the service.

Citrix has posted a list of versions vulnerable to this issue with the hotfixes available here.

[1] http://support.citrix.com/article/CTX129430
 

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

 

Guy

471 Posts
ISC Handler
Jul 28th 2011

Sign Up for Free or Log In to start participating in the conversation!