Secunia Security Advisory - Two vulnerabilities have been reported in Citrix Program Neighborhood Agent, which can be exploited by malicious people to compromise a user's system.
59509faa04fdb555c7812738e354b09ff5dd12534bf0f6f8fa704d0a57dca59b
----------------------------------------------------------------------
Want a new IT Security job?
Vacant positions at Secunia:
http://secunia.com/secunia_vacancies/
----------------------------------------------------------------------
TITLE:
Citrix Program Neighborhood Agent Two Vulnerabilities
SECUNIA ADVISORY ID:
SA15108
VERIFY ADVISORY:
http://secunia.com/advisories/15108/
CRITICAL:
Moderately critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
Citrix Program Neighborhood Agent 8.x
http://secunia.com/product/4287/
DESCRIPTION:
Two vulnerabilities have been reported in Citrix Program Neighborhood
Agent, which can be exploited by malicious people to compromise a
user's system.
1) An unspecified error can be exploited to cause a stack-based
buffer overflow and may allow execution of arbitrary code.
2) An unspecified error allows arbitrary shortcuts to be created.
Successful exploitation requires that the client has been configured
to point to a malicious server.
The following clients are affected:
* Program Neighborhood Agent for Win32
* Citrix MetaFrame Presentation Server client for WinCE (versions
including Program Neighborhood Agent)
SOLUTION:
The vulnerabilities have been addressed in the listed client versions
below, which are available at:
http://www.citrix.com/English/SS/downloads/downloads.asp?dID=2755
* Program Neighborhood Agent for Win32 versions 9.0 and later.
* Citrix MetaFrame Presentation Server client for WinCE versions 8.33
and later.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits iDEFENSE.
ORIGINAL ADVISORY:
Citrix:
http://support.citrix.com/kb/entry.jspa?entryID=6156&categoryID=149
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------