Citrix Provisioning Services SoapServer RCE (CTX133039)
Critical Nessus Plugin ID 59018
Synopsis
An application running on the remote Windows host is affected by a remote code execution vulnerability.
Description
The version of Citrix Provisioning Services running on the remote Windows host is affected by a remote code execution vulnerability in the SoapServer service due to an overflow condition caused by improper validation of user-supplied input when parsing date and time strings.
An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to cause a denial of service condition or the execution of arbitrary code.
Solution
Apply the relevant hotfix as referenced in the vendor's advisory.