1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: Citrix Provisioning Services BO

Attack: Citrix Provisioning Services BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.


This signature detects an attempt to exploit a buffer overflow vulnerability in Citrix Provisioning Services which may result in remote code execution.

Additional Information

Citrix Provisioning Services an application for creating multiple virtual desktops on one or more servers in a data center.

The application is prone to a remote code-execution vulnerability which effects the 'streamprocess.exe' component. Specifically, the application fails to properly validate the user-supplied length value when handling the '0x40020010' and '0x40020006' packets, and the packet which requests a vDisk name.

Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the application.


  • Citrix Provisioning Services versions 5.6 SP1

Additional References

  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube