Vulnerabilities > CVE-2006-5821 - Remote vulnerability in Citrix Metaframe and Metaframe Presentation Server

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

citrix

NVD

Published: 2006-11-10

Updated: 2018-10-17

Summary

Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service (ImaSrv.exe) with invalid size values that trigger the overflow during decryption.

Vulnerable Configurations

Part	Description	Count
Application	Citrix Citrix Metaframe 1.0 Citrix Metaframe 3.0 Citrix Metaframe Presentation Server 4.0	5

References

http://secunia.com/advisories/22802
http://securitytracker.com/id?1017205
http://support.citrix.com/article/CTX111186
http://www.securityfocus.com/archive/1/451337/100/100/threaded
http://www.securityfocus.com/bid/20986
http://www.vupen.com/english/advisories/2006/4429
http://www.zerodayinitiative.com/advisories/ZDI-06-038.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/30148