Vulnerability Details CVE-2008-0356
Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size value in a packet to TCP port 2512 or 2513.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.712
EPSS Ranking 98.7%
CVSS Severity
CVSS v2 Score 10.0
References
- http://secunia.com/advisories/28508
- http://support.citrix.com/article/CTX114487
- http://www.kb.cert.org/vuls/id/412228
- http://www.securityfocus.com/archive/1/486585/100/0/threaded
- http://www.securityfocus.com/bid/27329
- http://www.securitytracker.com/id?1019231
- http://www.vupen.com/english/advisories/2008/0172
- http://zerodayinitiative.com/advisories/ZDI-08-002.html
- http://secunia.com/advisories/28508
- http://support.citrix.com/article/CTX114487
- http://www.kb.cert.org/vuls/id/412228
- http://www.securityfocus.com/archive/1/486585/100/0/threaded
- http://www.securityfocus.com/bid/27329
- http://www.securitytracker.com/id?1019231
- http://www.vupen.com/english/advisories/2008/0172
- http://zerodayinitiative.com/advisories/ZDI-08-002.html
Products affected by CVE-2008-0356
-
cpe:2.3:a:citrix:access_essentials:-
-
cpe:2.3:a:citrix:access_essentials:1.0
-
cpe:2.3:a:citrix:access_essentials:1.5
-
cpe:2.3:a:citrix:access_essentials:2.0
-
cpe:2.3:a:citrix:desktop_server:1.0
-
cpe:2.3:a:citrix:metaframe_presentation_server:-
-
cpe:2.3:a:citrix:metaframe_presentation_server:3.0
-
cpe:2.3:a:citrix:metaframe_presentation_server:4.0
-
cpe:2.3:a:citrix:metaframe_presentation_server:4.5
-
cpe:2.3:a:citrix:presentation_server:-
-
cpe:2.3:a:citrix:presentation_server:4.0
-
cpe:2.3:a:citrix:presentation_server:4.5