• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Citrix Presentation Server 'icabar.exe' Local Privilege Escalation Vulnerability

Citrix Presentation Server (formerly Citrix MetaFrame Server) is prone to a privilege-escalation vulnerability caused by a flaw in how 'icabar.exe' is invoked via a 'Run' registry key.

Attackers can leverage this issue to execute arbitrary code with administrator privileges. Successful exploits will completely compromise affected computers.

The following products are vulnerable when running on Windows NT, Windows 2000, and Windows 2003:

Citrix MetaFrame Presentation Server 3.0 and prior
Citrix MetaFrame XP 1.0 and prior