Citrix has patched a buffer overflow glitch in its Presentation Server Client for Windows that could pave the way for remote code execution with the privileges of an authenticated user.
The vulnerability stems from the way Presentation Server Client for Windows supports Independent Computing Architecture (ICA) connections through proxy servers, according to a Wednesday Citrix advisory. ICA is an application server protocol used by Citrix software.
All versions of Citrix Presentation Server Client for Windows prior to 10.0 are vulnerable, according to Citrix, which recommends upgrading to version 10.0 or later.
Attackers could exploit the vulnerability by getting a user to visit a malicious website, and most client deployments are susceptible, Citrix said.
This is the third serious buffer overflow flaw in Presentation Server that Citrix has patched in the past four months. Citrix rated the severity of the flaw as "high," the vendor's most critical rating; Secunia rated the threat as "highly critical"; and Symantec placed its severity at 8.3 on a 10-point scale.
Fort Lauderdale, Fla.-based Citrix credited Karl Lynn, a security researcher at Juniper Networks, with discovering the vulnerability.
