Citrix Provisioning Services 'streamprocess.exe' Component Remote Code Execution Vulnerability Network Vulnerability

Summary

This host is installed with Citrix Provisioning Services and is prone to remote code execution vulnerability.

Impact

Successful exploitation could allow remote attackers to execute arbitrary code in the context of the SYSTEM user. Impact Level: Application/System

Solution

Upgrade to Citrix Provisioning Services version 5.6 SP1 or later, For updates refer to http://support.citrix.com/article/CTX127123

Insight

The flaw is due to an error in the 'streamprocess.exe' component when handling a '0x40020010' type packet. This can be exploited to cause a stack based buffer overflow via a specially crafted packet sent to UDP port 6905.

Affected

Citrix Provisioning Services version 5.6 and prior.

References

http://secunia.com/advisories/42954
http://support.citrix.com/article/CTX127149
http://www.zerodayinitiative.com/advisories/ZDI-11-023/

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Alleycode HTML Editor Buffer Overflow Vulnerabilities
Cogent DataHub Unicode Buffer Overflow Vulnerability
Adobe Reader 'File Extension' Buffer Overflow Vulnerability (Windows)
Adobe Reader 'XFDF' File Buffer Overflow Vulnerability (Linux)
ClamAV 'find_stream_bounds()' function Buffer Overflow Vulnerability

Take action and discover your vulnerabilities