Citrix Provisioning Services 'streamprocess.exe' Component Remote Code Execution Vulnerability Network Vulnerability

Summary

This host is installed with Citrix Provisioning Services and is prone to remote code execution vulnerability.

Impact

Successful exploitation could allow remote attackers to execute arbitrary code in the context of the SYSTEM user. Impact Level: Application/System

Solution

Upgrade to Citrix Provisioning Services version 5.6 SP1 or later, For updates refer to http://support.citrix.com/article/CTX127123

Insight

The flaw is due to an error in the 'streamprocess.exe' component when handling a '0x40020010' type packet. This can be exploited to cause a stack based buffer overflow via a specially crafted packet sent to UDP port 6905.

Affected

Citrix Provisioning Services version 5.6 and prior.

References

http://secunia.com/advisories/42954
http://support.citrix.com/article/CTX127149
http://www.zerodayinitiative.com/advisories/ZDI-11-023/

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

ChaSen Buffer Overflow Vulnerability (Windows)
Cscope putstring Multiple Buffer Overflow vulnerability
Adobe Reader Buffer Overflow Vulnerability Sep09 (Win)
ALZip MIM File Processing Buffer Overflow Vulnerability
Adobe InDesign 'INDD' File Handling Remote Buffer Overflow Vulnerability

Take action and discover your vulnerabilities