CVE-2004-1078

Stack-based buffer overflow in the client for Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and Citrix MetaFrame Presentation Server client for WinCE before 8.33 allows remote attackers to execute arbitrary code via a long cached icon filename in the InName XML element.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/15108	Patch Vendor Advisory
http://support.citrix.com/kb/entry.jspa?externalID=CTX105650	Patch Vendor Advisory
http://www.idefense.com/application/poi/display?id=238&type=vulnerabilities	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:citrix:metaframe_client:8.0::win-ce:::::
	cpe:2.3:a:citrix:program_neighborhood_agent:8.0::win32:::::

History

No history.

Information

Published : 2004-04-26 04:00

Updated : 2008-09-05 20:40

NVD link : CVE-2004-1078

Mitre link : CVE-2004-1078

CVE.ORG link : CVE-2004-1078

JSON object : View

Products Affected

citrix

program_neighborhood_agent
metaframe_client

CWE

NVD-CWE-Other

{"id": "CVE-2004-1078", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2004-04-26T04:00:00.000", "references": [{"url": "http://secunia.com/advisories/15108", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://support.citrix.com/kb/entry.jspa?externalID=CTX105650", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.idefense.com/application/poi/display?id=238&type=vulnerabilities", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the client for Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and Citrix MetaFrame Presentation Server client for WinCE before 8.33 allows remote attackers to execute arbitrary code via a long cached icon filename in the InName XML element."}], "lastModified": "2008-09-05T20:40:18.357", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:citrix:metaframe_client:8.0:*:win-ce:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "629FE868-D647-4404-8F9C-3234BFC13980"}, {"criteria": "cpe:2.3:a:citrix:program_neighborhood_agent:8.0:*:win32:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D320E80-C5C3-414F-8B0B-01AED6FD40F1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

7.5 /10