The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of XenApp

vulnerability announce CVE-2016-6493

Citrix XenApp, XenDesktop: privilege escalation via Memory Permission

Synthesis of the vulnerability

A local attacker can potentially manipulate the memory of Citrix XenApp or XenDesktop, in order to escalate his privileges.
Impacted products: XenApp, XenDesktop.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 03/08/2016.
Identifiers: CTX215460, CVE-2016-6493, VIGILANCE-VUL-20302.

Description of the vulnerability

The Citrix XenApp and XenDesktop products use shared memory.

However, access permissions to some memory areas are incorrect.

A local attacker can therefore potentially manipulate the memory of Citrix XenApp or XenDesktop, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2012-5161

Citrix XenApp: code execution via the XML Service Interface component

Synthesis of the vulnerability

An attacker can send a specially ill formed request to the XML Service Interface component of Citrix XenApp, in order to make it execute arbitrary machine code.
Impacted products: XenApp.
Severity: 2/4.
Consequences: privileged access/rights.
Provenance: intranet client.
Creation date: 13/12/2012.
Identifiers: BID-56907, CERTA-2012-AVI-733, CTX135066, CVE-2012-5161, VIGILANCE-VUL-12233.

Description of the vulnerability

An attacker can send a specially ill formed request to the XML Service Interface component of Citrix XenApp, in order to make it execute arbitrary machine code.

Technicals details are unknown.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2012-4603

Citrix Receiver, Online Plug-in: code execution via DLL Preload

Synthesis of the vulnerability

An attacker can create a malicious DLL and invite the victim to open a document with Citrix Online Plug-in in the same directory, in order to execute code.
Impacted products: XenApp.
Severity: 2/4.
Consequences: user access/rights.
Provenance: intranet server.
Creation date: 12/09/2012.
Identifiers: BID-55518, CERTA-2012-AVI-504, CTX134681, CVE-2012-4603, VIGILANCE-VUL-11934.

Description of the vulnerability

The Citrix Online Plug-in (Citrix Receiver, XenApp Plug-in) product loads a DLL when a file is opened.

However, the library is loaded insecurely. An attacker can thus use the VIGILANCE-VUL-9879 vulnerability to execute code.

An attacker can therefore create a malicious DLL and invite the victim to open a document with Citrix Online Plug-in in the same directory, in order to execute code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin 11648

Citrix XenApp, Presentation Server: denial of service via Branch Repeater

Synthesis of the vulnerability

A remote attacker can connect through Branch Repeater, in order to generate a fatal error in wdica.sys, which stops Citrix XenApp.
Impacted products: Citrix Presentation Server, XenApp.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 23/05/2012.
Identifiers: BID-53663, CTX133159, VIGILANCE-VUL-11648.

Description of the vulnerability

The Branch Repeater service is used to optimize network access.

Citrix products install the wdica.sys driver (Independent Computing Architecture WinStation Driver) which processes client-server exchanges.

A remote attacker can connect through Branch Repeater, in order to generate a fatal error in wdica.sys, which stops Citrix XenApp.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce 11422

Citrix XenApp: bypassing access policy

Synthesis of the vulnerability

When the Hotfix Rollup Pack 3 is installed, and when Access Gateway Advanced Edition filters are used, an attacker can bypass the access policy.
Impacted products: XenApp.
Severity: 2/4.
Consequences: user access/rights, data reading, data creation/edition.
Provenance: intranet client.
Creation date: 12/03/2012.
Identifiers: CTX118792, VIGILANCE-VUL-11422.

Description of the vulnerability

When the Hotfix Rollup Pack 3 is installed, and when Access Gateway Advanced Edition filters are used, an attacker can bypass the access policy.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin 11228

Citrix Web Interface: authentication replay

Synthesis of the vulnerability

An attacker, who captured an authentication session on Citrix Web Interface, can replay it, in order to access to victim's space.
Impacted products: XenApp, XenDesktop, XenServer.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights.
Provenance: internet client.
Creation date: 15/12/2011.
Identifiers: BID-51075, VIGILANCE-VUL-11228.

Description of the vulnerability

The Citrix Web Interface service allows users to access to their virtualized applications, via Citrix Receiver. The session between Citrix Receiver and Citrix Web Interface is not encrypted by default.

The Citrix Receiver application sends an HTTP POST query containing XML data. These XML data contain a login name (UserName) and an encoded password (Password encoding="ctx1"). However, the Citrix Web Interface service generates no challenge, so all authentication sessions are the same.

An attacker, who captured an authentication session on Citrix Web Interface, can therefore replay it, in order to access to victim's space.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert 11146

Citrix Presentation Server Client: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities were announced in Citrix Presentation Server.
Impacted products: Citrix Presentation Server, XenApp.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights, data reading.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 4.
Creation date: 09/11/2011.
Identifiers: CTX114893, CTX116228, CTX116310, CTX116941, VIGILANCE-VUL-11146.

Description of the vulnerability

Several vulnerabilities were announced in Citrix Presentation Server.

ICA connections can use SecureICA and ICA Basic encryption levels weaker than the ones defined by the administrator. [severity:1/4; CTX114893]

When MSI Logging is enabled, authentication credential are logged. [severity:1/4; CTX116228]

On Windows, a local attacker can elevate his privileges. [severity:2/4; CTX116310]

An authenticated attacker can access to a desktop, even if he is not allowed. [severity:2/4; CTX116941]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note 11129

Citrix Presentation Server Client: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities were announced in Citrix Presentation Server Client for Windows.
Impacted products: Citrix Presentation Server, XenApp.
Severity: 2/4.
Consequences: user access/rights, data reading.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 07/11/2011.
Identifiers: CTX111827, CTX112589, CTX116227, VIGILANCE-VUL-11129.

Description of the vulnerability

Several vulnerabilities were announced in Citrix Presentation Server Client for Windows.

A vulnerability of the Citrix Presentation Server Client for Windows ActiveX can be used by a remote attacker to execute code. [severity:2/4; CTX111827]

A vulnerability of ICA connections of Citrix Presentation Server Client for Windows can be used by an attacker to execute code. [severity:2/4; CTX112589]

The memory of the Citrix Presentation Server Client for Windows process contains sensitive information. [severity:1/4; CTX116227]
Full Vigil@nce bulletin... (Free trial)

vulnerability note 10874

Citrix XenApp, XenDesktop: code execution via XML Service

Synthesis of the vulnerability

An attacker can send a malicious query to Citrix XML Service, in order to execute code.
Impacted products: Citrix Presentation Server, XenApp, XenDesktop.
Severity: 3/4.
Consequences: privileged access/rights.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 27/07/2011.
Revision date: 29/07/2011.
Identifiers: BID-48898, CTX129430, n.runs-SA-2011.001, n.runs-SA-2011.002, VIGILANCE-VUL-10874.

Description of the vulnerability

The XML Service interface of XenApp/XenDesktop can be configured with Microsoft IIS, or can be directly reachable via ctxxmlss.exe (Citrix XML Service). Two vulnerabilities impact Citrix XML Service.

An attacker can use a password encoded as "ctx1" and longer than 256 characters, in order to create a buffer overflow in /scripts/wpnbr.dll. [severity:3/4; n.runs-SA-2011.001]

An attacker can use a long "/scripts/" url, in order to corrupt the memory. [severity:3/4; n.runs-SA-2011.002]

An attacker can therefore send a malicious query to Citrix XML Service, in order to execute code.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin 10493

Citrix Presentation Server, XenApp: code execution via ActiveSync

Synthesis of the vulnerability

A network attacker can use the ActiveSync feature of Citrix Presentation Server and Citrix XenApp, in order to execute code.
Impacted products: Citrix Presentation Server, XenApp.
Severity: 3/4.
Consequences: user access/rights.
Provenance: intranet client.
Creation date: 24/03/2011.
Identifiers: BID-47016, CTX128366, VIGILANCE-VUL-10493.

Description of the vulnerability

The ActiveSync feature is used to synchronize data of a mobile/pda with data of an application such as Microsoft Outlook.

The Citrix Presentation Server and Citrix XenApp products enable the ActiveSync service, which listens on port 28875.

A network attacker can connect to the ActiveSync feature of Citrix Presentation Server and Citrix XenApp, in order to execute code.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.