March 5, 2007 9:38 AM PST

Flaw found in Citrix server client

A flaw has been found in Citrix's Presentation Server Client, an application that allows remote users to access corporate servers from outside the office.

Versions older than 10.0 could be vulnerable to a buffer overflow that would enable an attacker to compromise a user's machine, according to researcher Karl Lynn of Juniper Networks, who discovered the flaw. Security advisory organization Secunia has rated the vulnerability as highly critical.

The vulnerability is caused by an error in the support for ICA (Independent Computing Architecture) connections through a proxy server. This may be exploited to execute arbitrary code when a user visits a malicious Web site, Citrix warned in an advisory last week.

ICA, designed by Citrix, is a proprietary protocol for application server systems. The protocol gives specifications for passing data between servers and clients, regardless of platform.

The vulnerability currently has no patch. Citrix recommends users protect themselves by upgrading to version 10.0 of Citrix Presentation Server Client.

Tom Espiner of ZDNet UK reported from London.
