U-225: Citrix Access Gateway Plug-in for Windows nsepacom ActiveX Control Vulnerabilities

August 1, 2012 - 5:37am

PROBLEM:

Citrix Access Gateway Plug-in for Windows nsepacom ActiveX Control Vulnerabilities

PLATFORM:

Citrix Access Gateway 9.x

ABSTRACT:

Two vulnerabilities in Citrix Access Gateway Plug-in for Windows can be exploited by malicious people to compromise a user's system.

REFERENCE LINKS:

Citrix Knowledge Center
Secunia Advisory SA45299
Secunia Research
Secunia Research
CVE-2011-2592
CVE-2011-2593

IMPACT ASSESSMENT:

High

DISCUSSION:

Research has discovered two vulnerabilities in Citrix Access Gateway Plug-in for Windows, which can be exploited by malicious people to compromise a user's system.

1) A boundary error in the nsepacom ActiveX control (nsepa.exe) when processing HTTP responses based on the request via the "StartEpa()" method can be exploited to cause a heap-based buffer overflow via an overly long "CSEC" HTTP response header.

2) An integer overflow error in the nsepacom ActiveX control (nsepa.exe) when processing HTTP responses based on the request via the "StartEpa()" method can be exploited to cause a heap-based buffer overflow via a specially crafted "Content-Length" HTTP response header.

The vulnerabilities are confirmed in version 9.3.49.5. Other versions may also be affected.
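The two bug classes in items 1 and 2 (an unchecked header length and a wrapping size computed from "Content-Length"), seen from the defensive side in an added C example. This is not Citrix code and not part of the advisory; the function names, the 1 MiB body cap and the 256-byte header buffer are assumptions chosen for illustration.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#define MAX_BODY (1u << 20) /* assumed policy cap on response body size */
#define CSEC_MAX 256        /* assumed size of the fixed header buffer */

/* Parse a Content-Length value. Rejects signs, whitespace, trailing junk,
 * values strtoull cannot represent, and anything at or above the cap, so
 * the later "len + 1" allocation size can never wrap around. */
int parse_content_length(const char *s, size_t *out)
{
    char *end;
    unsigned long long v;

    if (s == NULL || *s < '0' || *s > '9') /* strtoull would accept "-1" */
        return -1;
    errno = 0;
    v = strtoull(s, &end, 10);
    if (errno == ERANGE || *end != '\0')
        return -1;
    if (v >= MAX_BODY)
        return -1;
    *out = (size_t)v;
    return 0;
}

/* Allocate the body buffer only after the length has been validated. */
char *alloc_body(const char *content_length, size_t *len)
{
    if (parse_content_length(content_length, len) != 0)
        return NULL;
    return calloc(*len + 1, 1); /* +1 for a NUL terminator */
}

/* Copy a header value into a fixed-size buffer. Over-long input is
 * refused outright instead of being truncated or written past the end. */
int copy_header_value(char *dst, size_t dst_size, const char *value)
{
    const char *nul = memchr(value, '\0', dst_size);

    if (nul == NULL) /* no terminator within dst_size bytes: too long */
        return -1;
    memcpy(dst, value, (size_t)(nul - value) + 1);
    return 0;
}
```
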

IMPACT:

Successful exploitation of the vulnerabilities allows execution of arbitrary code.

SOLUTION:

No official solution is currently available.