Citrix Presentation Server Print Provider Buffer Overflow Vulnerability - Advisories

Software Inspectors

	Scan Online

	Personal (PSI)

	Network (NSI 2.0)

Solutions For

	Security Professionals

	Security Vendors

Free Solutions For

	Open Communities

	Journalists & Media

Secunia Advisories

	Search

	Historic Advisories

	Listed By Product

	Listed By Vendor

	Statistics / Graphs

	Secunia Research

	Report Vulnerability

	About Advisories

Virus Information

	Chronological List

	Last 10 Virus Alerts

	About Virus Information

Secunia Customers

	Customer Area

Citrix Presentation Server Print Provider Buffer Overflow Vulnerability

Secunia Advisory:	SA23869
Release Date:	2007-01-25

Critical:	Moderately critical
Impact:	System access
Where:	From local network
Solution Status:	Vendor Patch

Software:	Citrix MetaFrame Presentation Server 3.x Citrix MetaFrame XP for Windows 1.x Citrix Presentation Server 4.x

CVE reference:	CVE-2007-0444 (Secunia mirror)

	Want to know the next time vulnerabilities are fixed in this product? - Companies can be alerted via email and SMS!

Description: A vulnerability has been reported in Citrix Presentation Server, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in a print provider (ccprov.dll) when handling arguments passed to the "EnumPrintersW()" and "OpenPrinter()" functions. This can be exploited to e.g. cause a stack-based buffer overflow by passing an overly long string (more than 130 bytes) as the first argument to the "OpenPrinter()" function through a local API call or RPC request. Successful exploitation allows execution of arbitrary code. The vulnerability reportedly affects Citrix MetaFrame XP and Presentation Server version 4.0 and prior. Solution: Apply hotfix (see vendor advisory for details). Provided and/or discovered by: Discovered by an anonymous researcher and reported via ZDI. Original Advisory: Citrix: http://support.citrix.com/article/CTX111686 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-07-006.html



Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

11 Related Secunia Security Advisories, displaying 10

1. Citrix Presentation Server Weakness and Unauthorised Access

2. Citrix Presentation Server IMA Service Buffer Overflow Vulnerability

3. Citrix Presentation Server Published Application Execution Weakness

4. Citrix Products Session Reliability Service Security Bypass

5. Citrix Presentation Server IMA Service Vulnerabilities

6. Citrix MetaFrame Insecure Default Registry Key Permissions

7. Citrix Metaframe Presentation Server Policy Filtering Bypass

8. Citrix Metaframe XP Unspecified Buffer Overflow Vulnerability

9. Citrix MetaFrame XP Error Page Cross-Site Scripting Vulnerability

10. Citrix / Netware privilege escalation

Show all related advisories

Send Feedback to Secunia

If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	Red Hat update for tomcat

2.	HP-UX update for Apache

3.	Red Hat update for openoffice.org

4.	Opera Multiple Vulnerabilities

5.	OpenOffice "rtl_allocateMe mory()" Truncation Vulnerability

6.	JustSystems Ichitaro Products Unspecified Code Execution Vulnerability

7.	Red Hat Directory Server Multiple Vulnerabilities

8.	R "javareconf" Insecure Temporary Files

9.	Quick Poll "id" SQL Injection Vulnerability

10.	Ampache "gather-message s.sh" Insecure Temporary Files