CVE-2010-2990

Citrix Online Plug-in for Windows for XenApp & XenDesktop before 11.2, Citrix Online Plug-in for Mac for XenApp & XenDesktop before 11.0, Citrix ICA Client for Linux before 11.100, Citrix ICA Client for Solaris before 8.63, and Citrix Receiver for Windows Mobile before 11.5 allow remote attackers to execute arbitrary code via (1) a crafted HTML document, (2) a crafted .ICA file, or (3) a crafted type field in an ICA graphics packet, related to a "heap offset overflow" issue.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0040.html
http://secunia.com/advisories/40808	Vendor Advisory
http://support.citrix.com/article/CTX125975	Patch Vendor Advisory
http://www.securityfocus.com/archive/1/512861/100/0/threaded

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:citrix:ica_client_for_linux::::::::
	cpe:2.3:a:citrix:ica_client_for_solaris::::::::
	cpe:2.3:a:citrix:online_plug-in_for_mac_for_xenapp_\&_xendesktop::::::::
	cpe:2.3:a:citrix:online_plug-in_for_windows_for_xenapp_\&_xendesktop::::::::
	cpe:2.3:a:citrix:receiver_for_windows_mobile::::::::

History

No history.

Information

Published : 2010-08-11 20:00

Updated : 2024-02-04 17:54

NVD link : CVE-2010-2990

Mitre link : CVE-2010-2990

CVE.ORG link : CVE-2010-2990

JSON object : View

Products Affected

citrix

receiver_for_windows_mobile
ica_client_for_solaris
online_plug-in_for_windows_for_xenapp_\&_xendesktop
ica_client_for_linux
online_plug-in_for_mac_for_xenapp_\&_xendesktop

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2010-2990", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2010-08-11T20:00:01.360", "references": [{"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0040.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/40808", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://support.citrix.com/article/CTX125975", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/512861/100/0/threaded", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Citrix Online Plug-in for Windows for XenApp & XenDesktop before 11.2, Citrix Online Plug-in for Mac for XenApp & XenDesktop before 11.0, Citrix ICA Client for Linux before 11.100, Citrix ICA Client for Solaris before 8.63, and Citrix Receiver for Windows Mobile before 11.5 allow remote attackers to execute arbitrary code via (1) a crafted HTML document, (2) a crafted .ICA file, or (3) a crafted type field in an ICA graphics packet, related to a \"heap offset overflow\" issue."}, {"lang": "es", "value": "Citrix Online Plug-in para Windows para XenApp & XenDesktop anterior v11.2, Citrix Online Plug-in para Mac para XenApp & XenDesktop anterior v11.0, Citrix ICA Client para Linux anterior v11.100, Citrix ICA Client para Solaris anterior v8.63, y Citrix Receiver para Windows Mobile before v11.5 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de (1) un documento\r\nHTML manipulado, (2) un fichero .ICA manipulado, o (3) un tipo de campo manipulado, en un paquete gr\u00e1fico ICA, relacionado con el tema de \"desbordamiento de pila offset\"."}], "lastModified": "2018-10-10T20:00:41.127", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:citrix:ica_client_for_linux:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B62D9D16-AE12-4DBE-8B61-457B8076E361", "versionEndIncluding": "11.0"}, {"criteria": "cpe:2.3:a:citrix:ica_client_for_solaris:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4FBABF7-9597-445F-8E66-A0FA6E93CCDA", "versionEndIncluding": "8.62"}, {"criteria": "cpe:2.3:a:citrix:online_plug-in_for_mac_for_xenapp_\\&_xendesktop:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9322085F-F701-4ABA-8286-84926694C51D", "versionEndIncluding": "10.0"}, {"criteria": "cpe:2.3:a:citrix:online_plug-in_for_windows_for_xenapp_\\&_xendesktop:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1A5848B-CE27-4BF6-8BB1-BF3C37636BA9", "versionEndIncluding": "11.1"}, {"criteria": "cpe:2.3:a:citrix:receiver_for_windows_mobile:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8709CC49-49D9-48F9-8559-A6E7A7E4ABE4", "versionEndIncluding": "11.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}