CVE-2011-2882
Citrix Access Gateway - Memory Corruption
Title source: ruleDescription
Stack-based buffer overflow in the NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 allows remote attackers to execute arbitrary code via crafted HTTP header data.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/17762
metasploit
WORKING POC
NORMAL
by Michal Trojnara, bannedit, sinn3r · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/citrix_gateway_actx.rb
Scores
EPSS
0.7585
EPSS Percentile
98.9%
Details
CWE
CWE-119
Status
published
Products (3)
citrix/access_gateway
8.1
citrix/access_gateway
9.0
citrix/access_gateway
9.1
Published
Jul 21, 2011
Tracked Since
Feb 18, 2026