CVE-2008-0356

Citrix Access Essentials < 2.0 - Memory Corruption

Title source: rule

Description

Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size value in a packet to TCP port 2512 or 2513.

References (8)

[Vendor Advisory] http://secunia.com/advisories/28508

[Patch] http://support.citrix.com/article/CTX114487

[US Government Resource] http://www.kb.cert.org/vuls/id/412228

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1019231

[Third Party Advisory] http://zerodayinitiative.com/advisories/ZDI-08-002.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/486585/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/27329

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/0172

Scores

EPSS 0.7117

EPSS Percentile 98.7%

Classification

CWE

CWE-119

Status draft

Affected Products (4)

citrix/access_essentials < 2.0

citrix/desktop_server

citrix/metaframe_presentation_server < 4.5

citrix/presentation_server

Timeline

Published Jan 18, 2008

Tracked Since Feb 18, 2026