Internet threat level: 1
Home→Descriptions→SA45299
Citrix Access Gateway Plug-in for Windows nsepacom ActiveX Control Vulnerabilities
| Secunia ID | |
| CVE-ID | |
| Release Date |
01 Aug 2012 |
| Last Change |
10 Aug 2012 |
| Criticality | |
| Solution Status |
Vendor Patch |
| Software |
Citrix Access Gateway Plug-in for Windows 9.x |
| Where | |
| Impact |
System accessThis covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. |
| Description |
Secunia Research has discovered two vulnerabilities in Citrix Access Gateway Plug-in for Windows, which can be exploited by malicious people to compromise a user's system. 1) A boundary error in the nsepacom ActiveX control (nsepa.exe) when processing HTTP responses based on the request via the "StartEpa()" method can be exploited to cause a heap-based buffer overflow via an overly long "CSEC" HTTP response header. 2) An integer overflow error in the nsepacom ActiveX control (nsepa.exe) when processing HTTP responses based on the request via the "StartEpa()" method can be exploited to cause a heap-based buffer overflow via a specially crafted "Content-Length" HTTP response header. Successful exploitation of the vulnerabilities allows execution of arbitrary code. The vulnerabilities are confirmed in version 9.3.49.5 and reportedly affect the following versions: |
| Solution |
Update to version 10.0-69.4 or 9.3-57.5. |
| Reported by |
Dmitriy Pletnev, Secunia Research. |
| Original Advisory |
Secunia Research: |
© 1997-2013 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.
The authors' opinions do not necessarily reflect the official positions of Kaspersky Lab.