Short Name |
APP:CITRIX:XENAPP-XML-RCE |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Citrix XenApp and XenDesktop XML Service Interface Remote Code Execution |
Release Date |
2012/11/23 |
Update Number |
2205 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability in Citrix XenApp and XenDesktop XML Service. A successful attack can lead to a stack overflow and arbitrary remote code execution within the context of the affected application.
Citrix XenApp and XenDesktop are prone to multiple remote code-execution vulnerabilities. An attacker can exploit these vulnerabilities to execute arbitrary code in the context of a service account on the vulnerable server. Failed exploit attempts will result in a denial-of-service condition. The following products are affected: XenApp version 6 and prior versions XenApp Fundamentals version 6 and prior versions XenDesktop 4 XenDesktop 4 with Feature Packs 1 XenDesktop 4 with Feature Packs 2