• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Various Citrix Applications MFEvent.DLL Privilege Escalation Vulnerabilities

Various Citrix applications contain an error that allows an authenticated user to escalate privileges.

The issue occurs because the application fails to prevent malicious attackers from modifying access control lists.

An authenticated user can exploit this issue by crafting malicious DLL file, modifying the original path of the library pointing to the malicious DLL file, and then loading and running the file within the context of the system. This would allow an authenticated user to gain elevated privileges over the metaframe server.