Citrix Access Gateway Plug-in for Windows ActiveX Control Multiple Vulnerabilities (CTX129902)
High Nessus Plugin ID 55653
SynopsisThe remote Windows host has an ActiveX control that is affected by multiple vulnerabilities.
DescriptionThe Citrix Access Gateway ActiveX control for Citrix Access Gateway Enterprise Edition is installed on the remote Windows host. It is the ActiveX component of the Citrix Access Gateway Plug-in for Windows and provides an SSL-based VPN via a web browser.
The installed version of this control is affected by the following vulnerabilities that could lead to arbitrary code execution :
- The control loads a dynamic link library (DLL) when processing HTTP header data from the Access Gateway server without properly ensuring that the DLL has a valid signature. (ZDI 928)
- The control copies HTTP header data from the Access Gateway server into a fixed-size stack buffer without verifying the size of the data, which could result in a buffer overflow. (ZDI 929)
SolutionEither set the kill bit for the control or upgrade to Citrix Access Gateway Enterprise Edition 8.1-67.7 / 9.0-70.5 / 9.1-96.4 or later.