Citrix Access Gateway Plug-in for Windows ActiveX Control Multiple Vulnerabilities (CTX129902)

High Nessus Plugin ID 55653


The remote Windows host has an ActiveX control that is affected by multiple vulnerabilities.


The Citrix Access Gateway ActiveX control for Citrix Access Gateway Enterprise Edition is installed on the remote Windows host. It is the ActiveX component of the Citrix Access Gateway Plug-in for Windows and provides an SSL-based VPN via a web browser.

The installed version of this control is affected by the following vulnerabilities that could lead to arbitrary code execution :

- The control loads a dynamic link library (DLL) when processing HTTP header data from the Access Gateway server without properly ensuring that the DLL has a valid signature. (ZDI 928)

- The control copies HTTP header data from the Access Gateway server into a fixed-size stack buffer without verifying the size of the data, which could result in a buffer overflow. (ZDI 929)


Either set the kill bit for the control or upgrade to Citrix Access Gateway Enterprise Edition 8.1-67.7 / 9.0-70.5 / 9.1-96.4 or later.

See Also

Plugin Details

Severity: High

ID: 55653

File Name: citrix_access_gateway_activex_ctx129902.nasl

Version: $Revision: 1.11 $

Type: local

Agent: windows

Family: Windows

Published: 2011/07/22

Modified: 2013/05/23

Dependencies: 13855

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:citrix:access_gateway

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/07/13

Vulnerability Publication Date: 2011/07/14

Exploitable With

Core Impact

Metasploit (Citrix Gateway ActiveX Control Stack Based Buffer Overflow Vulnerability)

Reference Information

CVE: CVE-2011-2882, CVE-2011-2883

BID: 48676

OSVDB: 74191, 74192

EDB-ID: 17762