CVE-2006-5821

critical

Description

Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service (ImaSrv.exe) with invalid size values that trigger the overflow during decryption.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/30148

http://www.zerodayinitiative.com/advisories/ZDI-06-038.html

http://www.vupen.com/english/advisories/2006/4429

http://www.securityfocus.com/bid/20986

http://www.securityfocus.com/archive/1/451337/100/100/threaded

http://support.citrix.com/article/CTX111186

http://securitytracker.com/id?1017205

http://secunia.com/advisories/22802

Details

Source: Mitre, NVD

Published: 2006-11-10

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.09097