CVE-2010-2990

Citrix Online Plug-in and ICA Client - Remote Code Execution via Crafted HTML or ICA File

Title source: llm

Description

Citrix Online Plug-in for Windows for XenApp & XenDesktop before 11.2, Citrix Online Plug-in for Mac for XenApp & XenDesktop before 11.0, Citrix ICA Client for Linux before 11.100, Citrix ICA Client for Solaris before 8.63, and Citrix Receiver for Windows Mobile before 11.5 allow remote attackers to execute arbitrary code via (1) a crafted HTML document, (2) a crafted .ICA file, or (3) a crafted type field in an ICA graphics packet, related to a "heap offset overflow" issue.

References (4)

Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/512861/100/0/threaded
Third Party Advisory mailing-list x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0040.html
Patch, Vendor Advisory x_refsource_confirm
http://support.citrix.com/article/CTX125975
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/40808

Scores

EPSS 0.0552
EPSS Percentile 90.3%

Details

CWE CWE-119
Status published
Products (5)
citrix/ica_client_for_linux < 11.0
citrix/ica_client_for_solaris < 8.62
citrix/online_plug-in_for_mac_for_xenapp_\&_xendesktop < 10.0
citrix/online_plug-in_for_windows_for_xenapp_\&_xendesktop < 11.1
citrix/receiver_for_windows_mobile < 11.0
Published Aug 11, 2010
Tracked Since Feb 18, 2026