Citrix Program Neighborhood Application Enumeration Buffer Overflow Vulnerability

Citrix Program Neighborhood Application Enumeration Buffer Overflow Vulnerability

The Citrix Program Neighborhood is prone to a stack-based overflow. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer.

This issue allows remote attackers to execute arbitrary machine code in the context of vulnerable client applications.

In order to exploit this issue, affected clients must connect to a malicious server. Attacks against the DNS infrastructure used by clients, social engineering, or other methods may be employed to achieve this. Alternatively, attackers must have access to a computer in the same LAN as targeted clients.

Versions 9.1 and prior of the Citrix Program Neighborhood client are vulnerable to this issue.