This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects an attempt to exploit a buffer overflow vulnerability in Citrix Provisioning Services which may result in remote code execution.
Citrix Provisioning Services is an application for creating multiple virtual desktops on one or more servers in a data center.
The application is prone to a remote code-execution vulnerability that affects the 'streamprocess.exe' component. Specifically, the application fails to properly validate the user-supplied length value when handling the '0x40020010' and '0x40020006' packets, and the packet which requests a vDisk name.
Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the application.
- Citrix Provisioning Services versions 5.6 SP1
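The missing validation described above is a check on a sender-supplied length field. The following is an added example, not Citrix code: it shows the two bounds checks a length-prefixed packet handler needs before copying. The wire layout (4-byte little-endian opcode, 4-byte little-endian length, payload), the 64-byte buffer and all function names are assumptions; only the two opcode values come from the text.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout (assumed): [0..3] opcode LE, [4..7] claimed length LE, [8..] payload.
 * Only the two opcode values below are taken from the advisory text. */
#define OP_A    0x40020010u
#define OP_B    0x40020006u
#define HDR_LEN 8u

enum { PARSE_OK = 0, ERR_SHORT = -1, ERR_OPCODE = -2,
       ERR_LEN_EXCEEDS_PACKET = -3, ERR_LEN_EXCEEDS_BUFFER = -4 };

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Copies the payload into out as a NUL-terminated string, or rejects the packet. */
int parse_packet(const uint8_t *pkt, size_t pkt_len, char *out, size_t out_cap) {
    if (pkt == NULL || out == NULL || pkt_len < HDR_LEN)
        return ERR_SHORT;
    uint32_t op = rd_le32(pkt);
    if (op != OP_A && op != OP_B)
        return ERR_OPCODE;
    uint32_t claimed = rd_le32(pkt + 4);
    /* Check 1: the claimed length must fit in the bytes actually received.
     * Comparing against the remainder avoids overflow in HDR_LEN + claimed. */
    if (claimed > pkt_len - HDR_LEN)
        return ERR_LEN_EXCEEDS_PACKET;
    /* Check 2: the claimed length must fit the destination, leaving room for NUL. */
    if (claimed >= out_cap)
        return ERR_LEN_EXCEEDS_BUFFER;
    memcpy(out, pkt + HDR_LEN, claimed);
    out[claimed] = '\0';
    return PARSE_OK;
}

int main(void) {
    /* Constructed sample: opcode 0x40020006, claims 0xFFFFFFFF bytes, carries 1. */
    const uint8_t lie[] = {0x06, 0x00, 0x02, 0x40, 0xff, 0xff, 0xff, 0xff, 'A'};
    char name[64];
    printf("oversized length field -> %d\n",
           parse_packet(lie, sizeof lie, name, sizeof name));
    return 0;
}
```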