Description
The IICAClient interface in the ICAClient library in the ICA Client ActiveX Object (aka ICO) component in Citrix Online Plug-in for Windows for XenApp & XenDesktop before 12.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document that triggers the reading of a .ICA file.
References (4)
Core References
Third Party Advisory third-party-advisory
x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=875
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/40821
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/40819
Patch, Vendor Advisory x_refsource_confirm
http://support.citrix.com/article/CTX125976
Scores
EPSS
0.0949
EPSS Percentile
92.9%
Details
CWE
CWE-94
Status
published
Products (2)
citrix/online_plug-in_for_windows_for_xenapp_\&_xendesktop
11.1
citrix/online_plug-in_for_windows_for_xenapp_\&_xendesktop
< 12.0
Published
Aug 11, 2010
Tracked Since
Feb 18, 2026