SecurityTracker.com
Category:   Application (Generic)  >   Citrix XenApp (MetaFrame Presentation Server)
Vendors:   Citrix
Citrix MetaFrame Presentation Server Buffer Overflow in 'cpprov.dll' Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1017553
SecurityTracker URL:  http://securitytracker.com/id/1017553
CVE Reference:   CVE-2007-0444
Date:  Jan 24 2007
Impact:   Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3.0
Description:   A vulnerability was reported in MetaFrame Presentation Server. A remote user can execute arbitrary code on the target system.

A remote user can send a specially crafted RPC request to trigger a stack overflow in the Citrix print provider (cpprov.dll) and execute arbitrary code on the target system. The code will run with the privileges of the spooler service (LocalSystem privileges).

Citrix Presentation Server 4.0 and MetaFrame XP are also affected.

The vendor was notified on October 2, 2006.

TippingPoint reported this vulnerability.

The original advisory is available at:

http://www.zerodayinitiative.com/advisories/ZDI-07-006.html

Impact:   A remote user can execute arbitrary code with LocalSystem privileges on the target system.
Solution:   The vendor has issued the following fixes.

MetaFrame XP 1.0 for Windows 2000 Server:

EN - http://support.citrix.com/article/CTX111648

FR - http://support.citrix.com/article/CTX111650

GE - http://support.citrix.com/article/CTX111651

JA - http://support.citrix.com/article/CTX111655

ES - http://support.citrix.com/article/CTX111653

MetaFrame XP 1.0 for Windows Server 2003:

EN - http://support.citrix.com/article/CTX111657

FR - http://support.citrix.com/article/CTX111658

GE - http://support.citrix.com/article/CTX111659

JA - http://support.citrix.com/article/CTX111661

ES - http://support.citrix.com/article/CTX111660

MetaFrame Presentation Server 3.0 for Windows 2000 Server:

EN - http://support.citrix.com/article/CTX111992

FR - http://support.citrix.com/article/CTX111993

GE - http://support.citrix.com/article/CTX111994

JA - http://support.citrix.com/article/CTX111996

ES - http://support.citrix.com/article/CTX111995

MetaFrame Presentation Server 3.0 for Windows Server 2003:

EN - http://support.citrix.com/article/CTX111970

FR - http://support.citrix.com/article/CTX111972

GE - http://support.citrix.com/article/CTX111973

JA - http://support.citrix.com/article/CTX111971

ES - http://support.citrix.com/article/CTX111974

Citrix Presentation Server 4.0 for Windows 2000 Server:

EN - http://support.citrix.com/article/CTX111949

FR - http://support.citrix.com/article/CTX111950

GE - http://support.citrix.com/article/CTX111951

JA - http://support.citrix.com/article/CTX111953

ES - http://support.citrix.com/article/CTX111952

Citrix Presentation Server 4.0 for Windows Server 2003:

EN - http://support.citrix.com/article/CTX111925

FR - http://support.citrix.com/article/CTX111926

GE - http://support.citrix.com/article/CTX111927

JA - http://support.citrix.com/article/CTX111929

ES - http://support.citrix.com/article/CTX111928

Citrix Presentation Server 4.0 for Windows Server 2003 x64 Editions:

EN - http://support.citrix.com/article/CTX111643

FR - http://support.citrix.com/article/CTX111645

GE - http://support.citrix.com/article/CTX111644

JA - http://support.citrix.com/article/CTX111654

ES - http://support.citrix.com/article/CTX111652

The Citrix advisory is available at:

http://support.citrix.com/article/CTX111686

Vendor URL:  support.citrix.com/article/CTX111686
Cause:   Boundary error
Underlying OS:   Windows (2000), Windows (2003)

Message History:   None.


 Source Message Contents

Date:  Wed, 24 Jan 2007 13:23:24 -0500
Subject:  Citrix Metaframe Presentation Server Print Provider Buffer Overflow Vulnerability


http://www.zerodayinitiative.com/advisories/ZDI-07-006.html

CVE-2007-0444
 
 



Copyright 2014, SecurityGlobal.net LLC