Vulnerability note CVE-2012-4603
Citrix Receiver, Online Plug-in: code execution via DLL Preload
Synthesis of the vulnerability
An attacker can create a malicious DLL and invite the victim to open a document with Citrix Online Plug-in in the same directory, in order to execute code.
Impacted products:
BID-55518, CERTA-2012-AVI-504, CTX134681, CVE-2012-4603, VIGILANCE-VUL-11934.
Description of the vulnerability
The Citrix Online Plug-in (Citrix Receiver, XenApp Plug-in) product loads a DLL when a file is opened.
However, the library is loaded insecurely. An attacker can thus use the VIGILANCE-VUL-9879 vulnerability to execute code.
An attacker can therefore create a malicious DLL and invite the victim to open a document with Citrix Online Plug-in in the same directory, in order to execute code.
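The scenario above depends on a DLL sitting in the same directory as the document the victim opens, so a defender can audit shared folders for that layout. The following is an added example, not part of the bulletin or of any Citrix tooling; the bulletin names neither the document type nor the DLL, so the `.ica` extension and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

def find_colocated_dlls(root, doc_exts):
    """Return {directory: [dll names]} for every directory under root that
    holds both a document (extension in doc_exts) and at least one DLL."""
    doc_exts = {e.lower() for e in doc_exts}
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        # Windows file names are case-insensitive, so compare lowercased extensions.
        exts = [(name, os.path.splitext(name)[1].lower()) for name in files]
        dlls = sorted(name for name, ext in exts if ext == ".dll")
        has_doc = any(ext in doc_exts for _name, ext in exts)
        if dlls and has_doc:
            findings[dirpath] = dlls
    return findings

def build_sample_tree(root):
    """Constructed sample layout: one folder mixing a document and a DLL,
    one folder with documents only, one application folder with no documents."""
    layout = {
        "share/projects": ["report.ica", "helper.DLL"],
        "share/clean": ["notes.ica"],
        "apps/bin": ["app.exe", "runtime.dll"],
    }
    for rel, names in layout.items():
        directory = os.path.join(root, *rel.split("/"))
        os.makedirs(directory)
        for name in names:
            open(os.path.join(directory, name), "wb").close()

def demo():
    """Run the audit over the constructed tree; keys are paths relative to it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        hits = find_colocated_dlls(root, {".ica"})  # assumed document extension
        return {os.path.relpath(d, root).replace(os.sep, "/"): dlls
                for d, dlls in hits.items()}

if __name__ == "__main__":
    for directory, dlls in demo().items():
        print(f"review: {directory} contains {dlls} next to documents")
```

A hit is a prompt for review, not proof of a planted library: application install directories that also ship sample documents will match too.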