Citrix MetaFrame Conferencing Manager May Let Remote Users Gain Keyboard and Mouse Control
|
|
SecurityTracker Alert ID: 1013457 |
|
SecurityTracker URL: http://securitytracker.com/id/1013457
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Mar 16 2005
|
Impact:
User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 3.0
|
Description:
A vulnerability was reported in Citrix MetaFrame Conferencing Manager. A remote user may be able to obtain control of a conference.
When a user joins a conference as an attendee, the user may be granted keyboard and mouse control even if the organizer of the conference has specified that the user should not have control.
The vendor reported this vulnerability.
|
Impact:
A remote user may be granted keyboard and mouse control of a conference.
|
Solution:
The vendor has issued Hotfix MCM300W012, described at:
http://support.citrix.com/kb/entry.jspa?externalID=CTX105574
|
Vendor URL: support.citrix.com/kb/entry.jspa?externalID=CTX105574 (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
Windows (2000), Windows (2003)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 16 Mar 2005 17:36:05 -0500
Subject: http://support.citrix.com/kb/entry.jspa?externalID=CTX105574
|
> 7. Upon joining a conference, attendees sometimes had keyboard and mouse control
> even if the organizer specified that they not have control.
> [From Hotfix MCM300W012][#97825]
|
|
