Citrix XenApp Online Plug-in is prone to a remote code-execution vulnerability that affects the ICA Client ActiveX Object (ICO) component.

An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage.

Successful exploits will allow the attacker to execute arbitrary code within the context of the application, typically Internet Explorer, that uses the ActiveX control.

Citrix XenApp Online Plug-in versions prior to 12.0.3 are vulnerable.

Desde Vulnerability Team exortamos a los usuarios y administradores revisar las notificaciones y aplicar las actualizaciones necesarias, para ayudar a mitigar los riesgos.

fuente: securityfocus.com 

0 comentarios: