CVE-2007-0444

Citrix MetaFrame - Stack-based Buffer Overflow in Print Provider Library via Long Arguments

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-0444. PoCs published by Andres Tarasco.

AI-analyzed exploit summary This is a proof-of-concept exploit for CVE-2007-0444, targeting a vulnerability in the Citrix Metaframe spooler service. It fuzzes the EnumPrinter() and EnumPrinterW() functions to trigger a crash in the spooler service (spoolsv.exe) by overwriting the return address with 0x00410041.

Description

Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2) OpenPrinter functions.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Andres Tarasco · cdoswindows

https://www.exploit-db.com/exploits/3204

View Code ZIP pw:eip

This is a proof-of-concept exploit for CVE-2007-0444, targeting a vulnerability in the Citrix Metaframe spooler service. It fuzzes the EnumPrinter() and EnumPrinterW() functions to trigger a crash in the spooler service (spoolsv.exe) by overwriting the return address with 0x00410041.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: Citrix Metaframe Presentation Server (tested on Windows 2003 + Citrix Presentation Server)

No auth needed

Prerequisites: Access to a vulnerable Citrix Metaframe Presentation Server

MITRE ATT&CK