Vulnerabilities > CVE-2006-5821 - Unspecified vulnerability in Citrix Metaframe and Metaframe Presentation Server

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

citrix

NVD

Published: 2006-11-10

Updated: 2018-10-17

Summary

Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service (ImaSrv.exe) with invalid size values that trigger the overflow during decryption.

Vulnerable Configurations

Part	Description	Count
Application	Citrix Citrix Metaframe Presentation Server 4.0 Citrix Metaframe 1.0 Citrix Metaframe 3.0	5

References

http://www.zerodayinitiative.com/advisories/ZDI-06-038.html
http://support.citrix.com/article/CTX111186
http://www.securityfocus.com/bid/20986
http://secunia.com/advisories/22802
http://securitytracker.com/id?1017205
http://www.vupen.com/english/advisories/2006/4429
https://exchange.xforce.ibmcloud.com/vulnerabilities/30148
http://www.securityfocus.com/archive/1/451337/100/100/threaded