Citrix Online Plug-In and ICA Client Heap Overflow Remote Code Execution Vulnerability
Citrix Online Plug-In and ICA Client are prone to a remote code-execution vulnerability because the applications fail to properly bounds-check user-supplied data.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
The following products are vulnerable:
Citrix Online Plug-in for XenApp & XenDesktop for Windows prior to version 11.2
Citrix Online Plug-in for XenApp & XenDesktop for Mac prior to version 11.0
Citrix ICA Client for Linux (x86 and ARM) prior to version 11.100
Citrix ICA Client for Solaris (x86 and Sparc) prior to version 8.63
Citrix Receiver for Windows Mobile prior to version 11.5