1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: Citrix Access Gateway CVE-2011-2882

Web Attack: Citrix Access Gateway CVE-2011-2882

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to exploit a buffer overflow vulnerability in Citrix Access Gateway Plug-in ActiveX Control.

Additional Information

A stack-based buffer-overflow occurs when the control processes HTTP header data from the Access Gateway server.

The vulnerable control is identified by CLSID:
181BCAB2-C89B-4E4B-9E6B-59FA67A426B5

Attackers may exploit these issues by enticing an unsuspecting victim to view a malicious webpage.

Successfully exploiting these issues will allow attackers to execute arbitrary code within the context of the application that uses the ActiveX control (typically Internet Explorer).

Affected

  • Citrix Access Gateway Plug-in 8.1-67.7
  • Citrix Access Gateway Plug-in 9.0-70.5
  • Citrix Access Gateway Plug-in 9.1-96.4
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube