This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects an attempt to exploit a buffer overflow vulnerability in Citrix Access Gateway Plug-in ActiveX Control.
A stack-based buffer-overflow occurs when the control processes HTTP header data from the Access Gateway server.
The vulnerable control is identified by CLSID:
Attackers may exploit these issues by enticing an unsuspecting victim to view a malicious webpage.
Successfully exploiting these issues will allow attackers to execute arbitrary code within the context of the application that uses the ActiveX control (typically Internet Explorer).
- Citrix Access Gateway Plug-in 8.1-67.7
- Citrix Access Gateway Plug-in 9.0-70.5
- Citrix Access Gateway Plug-in 9.1-96.4