Citrix vulnerability found

Vulnerability in Citrix's Presentation Server Client could allow users' machines to be compromised
Written by Tom Espiner, Contributor on

A vulnerability has been found in Citrix's Presentation Server Client, an application that allows remote users to access corporate servers from outside the office.

Versions older than 10.0 could be vulnerable to a buffer overflow which would enable an attacker to compromise a user's machine, according to researcher Karl Lynn of Juniper Networks, who discovered the vulnerability. Security advisory organisation Secunia has rated the vulnerability as highly critical in a security advisory.

The vulnerability is caused by an error in the support for ICA connections through a proxy server. This may be exploited to execute arbitrary code when a user visits a malicious web site, Citrix warned in an advisory.

ICA (Independent Computing Architecture), designed by Citrix, is a proprietary protocol for application server systems. The protocol gives specifications for passing data between servers and clients, regardless of platform.

The vulnerability currently has no patch, and Citrix recommends users protect themselves by upgrading to version 10.0 of Citrix Presentation Server Client.

Editorial standards