Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2004-1078

Stack-based buffer overflow in the client for Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and Citrix MetaFrame Presentation Server client for WinCE before 8.33 allows remote attackers to execute arbitrary code via a long cached icon filename in the InName XML element.

Published

2004-04-26T04:00:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	citrix	metaframe_client	8.0	Yes
Application	citrix	program_neighborhood_agent	8.0	Yes

References

http://secunia.com/advisories/15108 Patch, Vendor Advisory ([email protected])
http://support.citrix.com/kb/entry.jspa?externalID=CTX105650 Patch, Vendor Advisory ([email protected])
http://www.idefense.com/application/poi/display?id=238&type=vulnerabilities Patch, Vendor Advisory ([email protected])
http://secunia.com/advisories/15108 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://support.citrix.com/kb/entry.jspa?externalID=CTX105650 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.idefense.com/application/poi/display?id=238&type=vulnerabilities Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)