CVE-2010-2991

Published: Aug 11, 2010Modified: Apr 29, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

The IICAClient interface in the ICAClient library in the ICA Client ActiveX Object (aka ICO) component in Citrix Online Plug-in for Windows for XenApp & XenDesktop before 12.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document that triggers the reading of a .ICA file.

Affected (2)

Products: Citrix: Online Plug In For Windows For Xenapp & Xendesktop

1 product

Online Plug In For Windows For Xenapp & Xendesktop

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Citrix Online Plug In For Windows For Xenapp & Xendesktop	Up to 12.0
Citrix Online Plug In For Windows For Xenapp & Xendesktop	Version 11.1

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (8)

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=875

Source: cve@mitre.org

http://secunia.com/advisories/40819

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/40821

Source: cve@mitre.org

Vendor Advisory

http://support.citrix.com/article/CTX125976

Source: cve@mitre.org

PatchVendor Advisory

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=875

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/40819

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/40821

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://support.citrix.com/article/CTX125976

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.