A flaw in Citrix's Presentation Server Client creates a means for hackers to compromise machines running the popular thin-client application.

The vulnerability stems from an unspecified bug involving support for Independent Computing Architecture (ICA) connections through a proxy server. ICA is an application server protocol used by Citrix products.

If successfully exploited, the vulnerability might be harnessed to inject malware onto vulnerable systems running maliciously constructed websites.

The exploit scenario is all too familiar to users of Windows fat client PCs, but unusual to users of generally far more secure thin clients, contributing to the bug's critical rating.

Users are advised to update to version 10.0 of Citrix's software to guard against possible attacks based on the flaw, which affects Citrix Presentation Server Client version 9.x and below. Citrix credits the discovery of the flaw to Karl Lynn of Juniper Networks. Citrix's advisory on the flaw can be found here. ®

Related stories

Delivery is all, says Citrix (7 June 2007)
Citrix unveils branding program (6 June 2007)
Nivio betas hosted Windows (7 May 2007)
Citrix goes whole hog with virtual Windows (13 April 2007)
NEC adds VoIP to thin clients (10 November 2006)
Citrix moving up in the world (30 November 2005)
Of Citrix roadmaps and other things (13 October 2005)
Citrix buys Net6 (24 November 2004)