Credit:
The information has been provided by Zero Day Initiative.
The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-07-006.html
Vulnerable Systems:
* Citrix Presentation Server version 4.0
* Citrix MetaFrame Presentation Server version 3.0
* Citrix MetaFrame XP version 1.0
This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of Citrix Presentation Server, MetaFrame Presentation Server or MetaFrame XP. Authentication is not required to exploit this vulnerability.
The specific flaw exists in a print provider installed by the Presentation Server. The cpprov.dll library doesn't properly handle certain invalid calls to the EnumPrintersW() and OpenPrinter() functions. For example, passing a string of 130 or more characters in the first argument to the OpenPrinter() function results in a stack-based buffer overflow and can be leveraged to execute code in the context of the Spooler service, which runs as the privileged LocalSystem account.
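An added illustration of the bug class described above (not code from cpprov.dll, Citrix or the advisory): an unbounded copy of a caller-supplied printer name into a fixed stack buffer, next to a length-checked version. The function names, status codes and the 130-wide-character capacity are assumptions chosen to mirror the threshold quoted in the advisory.

```c
#include <stddef.h>
#include <wchar.h>

/* Assumption: capacity picked to match the 130-character threshold in the
   advisory; the page does not give the real buffer size inside cpprov.dll. */
#define NAME_CAP 130  /* wide characters, including the terminator */

enum open_status { OPEN_OK = 0, OPEN_BAD_PARAM = 1, OPEN_NAME_TOO_LONG = 2 };

/* Unsafe pattern, shown for contrast only and never called here: the name
   comes from the caller and is copied with no length check. */
int provider_open_unsafe(const wchar_t *name) {
    wchar_t local[NAME_CAP];
    wcscpy(local, name);  /* writes past local[] when the name has >= NAME_CAP chars */
    return local[0] != L'\0' ? OPEN_OK : OPEN_BAD_PARAM;
}

/* Length of s in wide characters, reading at most cap elements.
   Returns cap when no terminator is found within that window. */
size_t bounded_wlen(const wchar_t *s, size_t cap) {
    size_t n = 0;
    while (n < cap && s[n] != L'\0') n++;
    return n;
}

/* Hardened form: validate pointers and length before touching the buffer,
   and reject (rather than truncate) names that do not fit. */
int provider_open_checked(const wchar_t *name, wchar_t *out, size_t out_cap) {
    if (name == NULL || out == NULL || out_cap == 0) return OPEN_BAD_PARAM;
    size_t len = bounded_wlen(name, out_cap);
    if (len == 0) return OPEN_BAD_PARAM;
    if (len >= out_cap) return OPEN_NAME_TOO_LONG;  /* no room for the terminator */
    wmemcpy(out, name, len);
    out[len] = L'\0';
    return OPEN_OK;
}

/* Constructed input: a name of n 'A' characters passed to the checked path. */
int try_length(size_t n) {
    wchar_t name[512], out[NAME_CAP];
    if (n >= 512) return OPEN_BAD_PARAM;
    wmemset(name, L'A', n);
    name[n] = L'\0';
    return provider_open_checked(name, out, NAME_CAP);
}
```

Rejecting the overlong name instead of truncating it keeps the provider from silently opening a different printer than the one the caller named.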
Vendor Response:
Citrix has issued an update to correct this vulnerability. More details can be found at: http://support.citrix.com/article/CTX111686
Disclosure Timeline:
2005.07.07 - Pre-existing Digital Vaccine released to TippingPoint customers
2006.10.02 - Vulnerability reported to vendor
2007.01.24 - Coordinated public release of advisory
CVE Information:
CVE-2007-0444