NUEVA VULNERABILIDAD, Citrix XenApp Onine Plug-in ActiveX Control Remote Code Execution Vulnerability
Posted: 5/8/10 by komz in Etiquetas: ActiveX Control Remote Code Execution Vulnerability, citrix, VulnerabilidadesCitrix XenApp Online Plug-in is prone to a remote code-execution vulnerability that affects the ICA Client ActiveX Object (ICO) component.
An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage.
Successful exploits will allow the attacker to execute arbitrary code within the context of the application, typically Internet Explorer, that uses the ActiveX control.
Citrix XenApp Online Plug-in versions prior to 12.0.3 are vulnerable.
REFERENCIA DE LA VULNERABILIDAD
Desde Vulnerability Team exortamos a los usuarios y administradores revisar las notificaciones y aplicar las actualizaciones necesarias, para ayudar a mitigar los riesgos.
fuente: securityfocus.com