Citrix Warns Of New Presentation Server Bug
The vulnerability stems from the way Presentation Server Client for Windows supports Independent Computing Architecture (ICA) connections through proxy servers, according to a Wednesday Citrix advisory. ICA is an application server protocol used by Citrix software.
All versions of Citrix Presentation Server Client for Windows prior to 10.0 are vulnerable, according to Citrix, which recommends upgrading to version 10.0 or later.
Attackers could exploit the vulnerability by getting a user to visit a malicious website, and most client deployments are susceptible, Citrix said.
This is the third serious buffer overflow flaw in Presentation Server that Citrix has patched in the past four months. Citrix rated the severity of the flaw as "high," the vendor's most critical rating; Secunia rated the threat as "highly critical"; and Symantec placed its severity at 8.3 on a 10-point scale.
Fort Lauderdale, Fla.-based Citrix credited Karl Lynn, a security researcher at Juniper Networks, with discovering the vulnerability.