Citrix has fixed a buffer overflow vulnerability in its widely used Presentation Server software that could allow remote attackers to execute malicious code.
In a Tuesday advisory, Citrix said the flaw affects the software's print provider component, which lets users print to local printers from published applications.
Citrix Presentation Server is an application virtualization solution that allows remote users to securely access virtualized client/server applications. All versions of Citrix MetaFrame XP and Presentation Server up to and including 4.0 are affected, the vendor said.
Attackers could exploit the vulnerability through a local API call or through an unauthenticated Remote Procedure Call (RPC) request. However, a miscreant would need access to the RPC interface to exploit the flaw, and companies with Presentation Server deployments don't typically make that interface accessible from outside, according to the advisory.
In a blog post, the SANS Internet Storm Center recommended that Presentation Server users apply the patch because an exploit for the vulnerability has already appeared.
Fort Lauderdale, Fla.-based Citrix rated the severity of the flaw as "high," the vendor's most critical rating. Symantec Deepsight had a similar view, rating its severity as 10 on a 10-point scale. But Danish research firm Secunia wasn't as concerned, assigning a threat score of 3 on a 5-point scale, or "moderately critical," to the vulnerability.
In November, Citrix fixed a pair of remotely exploitable vulnerabilities in its Presentation Server platform that could allow miscreants to trigger buffer overflows and launch denial of service attacks.
