CERTA-2006-AVI-532
Vulnerability from certfr_avis - Published: 2006-12-06 - Updated: 2006-12-06
Une vulnérabilité dans un composant ActiveX permet d'exécuter du code arbitraire.
Description
Le serveur Citrix Presentation Manager Server fournit un composant ActiveX qui permet l'intégration du client dans des pages web. Une vulnérabilité dans ce composant permet d'exécuter du code arbitraire dans le contexte du processus du serveur. Cette attaque utilise une page web spécialement conçue à cet effet.
Solution
La version 9.230 du serveur Citrix Presentation Manager Server corrige le problème. Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ICA WIn32 Program Neighborhood Client ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "ICA WIn32 Web Client.",
"product": {
"name": "N/A",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "Citrix Presentation Manager Server ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "ICA WIn32 Program Neighborhood Agent ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Citrix",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nLe serveur Citrix Presentation Manager Server fournit un composant\nActiveX qui permet l\u0027int\u00e9gration du client dans des pages web. Une\nvuln\u00e9rabilit\u00e9 dans ce composant permet d\u0027ex\u00e9cuter du code arbitraire\ndans le contexte du processus du serveur. Cette attaque utilise une page\nweb sp\u00e9cialement con\u00e7ue \u00e0 cet effet.\n\n## Solution\n\nLa version 9.230 du serveur Citrix Presentation Manager Server corrige\nle probl\u00e8me. Se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour\nl\u0027obtention des correctifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2006-12-06T00:00:00",
"last_revision_date": "2006-12-06T00:00:00",
"links": [],
"reference": "CERTA-2006-AVI-532",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2006-12-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans un composant ActiveX permet d\u0027ex\u00e9cuter du code\narbitraire.\n",
"title": "Vuln\u00e9rabilit\u00e9 de Citrix",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX111827 du 04 d\u00e9cembre 2006",
"url": "http://support.citrix.com/article/CTX111827.html"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…