Citrix Access Gateway NESPA ActiveX Control

Added: 09/13/2011
CVE: CVE-2011-2882
BID: 48676
OSVDB: 74191

Background

Citrix Access Gateway is an application remote-access solution.

Problem

The Citrix Access Gateway installs an ActiveX plug-in on the user's browser. Plug-in versions 8.1-67.7, 9.0-70.5, and 9.1-96.4 are vulnerable to a stack overflow.

Resolution

Upgrade the plug-in to the latest version.

References

http://support.citrix.com/article/CTX129902

Limitations

This exploit has been tested against Citrix Systems Access Gateway Plug-in for Windows 8.0.59.1 on Windows XP SP3 English (DEP OptIn) and Windows Vista SP2 (DEP OptIn).

Platforms

Windows

Back to exploit index