Citrix Presentation Server Client Unspecified Remote Code Execution

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an application that is affected by a
remote code execution vulnerability.

Description :

Citrix Presentation Server Client is installed on the remote host. It
is used to access published resources such as applications stored on
servers running Citrix Presentation Server.

The version of Citrix Presentation Server Client on the remote host is
reportedly affected by an unspecified remote code execution
vulnerability involving ICA connections through proxy servers. An
attacker may be able to leverage this issue to execute arbitrary code
on the remote host subject to the user's privileges by tricking the
user into visiting a malicious website.

See also :

http://support.citrix.com/article/CTX112589

Solution :

Upgrade to Citrix Presentation Server Client for Windows version 10.0
or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 24742 (citrix_ica_code_exec.nasl)

Bugtraq ID: 22762

CVE ID: CVE-2007-1196

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now