Windows-like flaw hits Citrix
Welcome to our world
Posted in Software & Security, 6th March 2007 14:21 GMT
A flaw in Citrix's Presentation Server Client creates a means for hackers to compromise machines running the popular thin-client application.
The vulnerability stems from an unspecified bug involving support for Independent Computing Architecture (ICA) connections through a proxy server. ICA is an application server protocol used by Citrix products.
If successfully exploited, the vulnerability might be harnessed to inject malware onto vulnerable systems via maliciously constructed websites.
The exploit scenario is all too familiar to users of Windows fat client PCs, but unusual to users of generally far more secure thin clients, contributing to the bug's critical rating.
Users are advised to update to version 10.0 of Citrix's software to guard against possible attacks based on the flaw, which affects Citrix Presentation Server Client version 9.x and below. Citrix credits the discovery of the flaw to Karl Lynn of Juniper Networks. Citrix's advisory on the flaw can be found here. ®