Vulnerabilities > CVE-2006-6334 - Buffer Overflow vulnerability in Citrix Presentation Server Client WFICA.OCX ActiveX Component Heap
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Heap-based buffer overflow in the SendChannelData function in wfica.ocx in Citrix Presentation Server Client before 9.230 for Windows allows remote malicious web sites to execute arbitrary code via a DataSize parameter that is less than the length of the Data buffer.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
description Citrix Presentation Server Client WFICA.OCX ActiveX Heap BOF Exploit. CVE-2006-6334. Remote exploit for windows platform file exploits/windows/remote/5106.html id EDB-ID:5106 last seen 2016-01-31 modified 2008-02-12 platform windows port published 2008-02-12 reporter Elazar source https://www.exploit-db.com/download/5106/ title Citrix Presentation Server Client - WFICA.OCX ActiveX Heap BoF Exploit type remote description Citrix Presentation Server Client 9.200 WFICA.OCX ActiveX Component Heap Buffer Overflow Vulnerability. CVE-2006-6334. Remote exploit for windows platform id EDB-ID:29230 last seen 2016-02-03 modified 2006-12-06 published 2006-12-06 reporter Andrew Christensen source https://www.exploit-db.com/download/29230/ title Citrix Presentation Server Client 9.200 - WFICA.OCX ActiveX Component Heap Buffer Overflow Vulnerability
Packetstorm
| data source | https://packetstormsecurity.com/files/download/63580/citrix-overflow.txt |
| id | PACKETSTORM:63580 |
| last seen | 2016-12-05 |
| published | 2008-02-13 |
| reporter | Elazar Broad |
| source | https://packetstormsecurity.com/files/63580/citrix-overflow.txt.html |
| title | citrix-overflow.txt |
Seebug
bulletinFamily exploit description No description provided by source. id SSV:82752 last seen 2017-11-19 modified 2014-07-01 published 2014-07-01 reporter Root source https://www.seebug.org/vuldb/ssvid-82752 title Citrix Presentation Server Client 9.200 WFICA.OCX ActiveX Component Heap Buffer Overflow Vulnerability bulletinFamily exploit description No description provided by source. id SSV:65194 last seen 2017-11-19 modified 2014-07-01 published 2014-07-01 reporter Root source https://www.seebug.org/vuldb/ssvid-65194 title Citrix Presentation Server Client WFICA.OCX ActiveX - Heap BOF Exploit bulletinFamily exploit description No description provided by source. id SSV:8090 last seen 2017-11-19 modified 2008-02-14 published 2008-02-14 reporter Root source https://www.seebug.org/vuldb/ssvid-8090 title Citrix Presentation Server Client WFICA.OCX ActiveX Heap BOF Exploit
References
- http://fortconsult.net/files/fortconsult.dk/citrix_advisory_dec2006.pdf
- http://secunia.com/advisories/23246
- http://securityreason.com/securityalert/1995
- http://securitytracker.com/id?1017343
- http://support.citrix.com/article/CTX111827
- http://www.citrix.com/English/SS/downloads/downloads.asp?dID=2755
- http://www.kb.cert.org/vuls/id/210969
- http://www.securityfocus.com/archive/1/453760/100/0/threaded
- http://www.securityfocus.com/bid/21458
- http://www.tippingpoint.com/security/advisories/TSRT-06-15.html
- http://www.vupen.com/english/advisories/2006/4865
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30740
- https://www.exploit-db.com/exploits/5106