1/25/2007
06:22 PM

Citrix Patches Critical Presentation Server Flaw

Citrix has fixed a buffer overflow vulnerability in its widely used Presentation Server software that could allow remote attackers to execute malicious code.

In a Tuesday advisory, Citrix said the flaw affects the software's print provider component, which lets users print to local printers from published applications.

Citrix Presentation Server is an application virtualization solution that allows remote users to securely access virtualized client/server applications. All versions of Citrix MetaFrame XP and Presentation Server up to and including 4.0 are affected, the vendor said.

Attackers could exploit the vulnerability through a local API call or through an unauthenticated Remote Procedure Call (RPC) request. However, a miscreant would need access to the RPC interface to exploit the flaw, and companies with Presentation Server deployments don't typically make that interface accessible from outside, according to the advisory.

In a blog post, the SANS Internet Storm Center recommended that Presentation Server users apply the patch because an exploit for the vulnerability has already appeared.

Fort Lauderdale, Fla.-based Citrix rated the severity of the flaw as "high," the vendor's most critical rating. Symantec DeepSight had a similar view, rating its severity as 10 on a 10-point scale. But Danish research firm Secunia wasn't as concerned, assigning a threat score of 3 on a 5-point scale, or "moderately critical," to the vulnerability.

In November, Citrix fixed a pair of remotely exploitable vulnerabilities in its Presentation Server platform that could allow miscreants to trigger buffer overflows and launch denial of service attacks.
