Metaframe

metaframe

Vendor: Citrix • 10 CVEs

CVEs (10)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2007-2850 1Citrix 2Access Essentials Metaframe Apr 23, 2026 May 24, 2007 N/A· v4 N/A· v3 10.0 HIGH· v2 The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5, allows remote attackers to bypass network security policies and connect to ar...Show more The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5, allows remote attackers to bypass network security policies and connect to arbitrary TCP ports via a modified address:port string.Show less
CVE-2007-0444 1Citrix 2Metaframe Metaframe Presentation Server Apr 23, 2026 Jan 24, 2007 N/A· v4 N/A· v3 7.2 HIGH· v2 Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitra...Show more Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2) OpenPrinter functions.Show less
CVE-2006-5861 1Citrix 2Metaframe Metaframe Presentation Server Apr 23, 2026 Nov 10, 2006 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The Independent Management Architecture (IMA) service (ImaSrv.exe) in Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to cause a denial of service (service exit) via a crafte...Show more The Independent Management Architecture (IMA) service (ImaSrv.exe) in Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to cause a denial of service (service exit) via a crafted packet that causes the service to access an unmapped memory address and triggers an unhandled exception.Show less
CVE-2006-5821 1Citrix 2Metaframe Metaframe Presentation Server Apr 23, 2026 Nov 10, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests...Show more Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service (ImaSrv.exe) with invalid size values that trigger the overflow during decryption.Show less
CVE-2006-3779 1Citrix 3Metaframe Metaframe Presentation ServerPresentation Server Apr 16, 2026 Jul 24, 2006 N/A· v4 N/A· v3 6.5 MEDIUM· v2 Citrix MetaFrame up to XP 1.0 Feature 1, except when running on Windows Server 2003, installs a registry key with an insecure ACL, which allows remote authenticated users to gain privileges.
CVE-2005-3134 1Citrix 1Metaframe Apr 16, 2026 Oct 4, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 Citrix Metaframe Presentation Server 3.0 and 4.0 allows remote attackers to bypass policy restrictions by downloading the launch.ica file and changing the client device name (ClientName).
CVE-2003-1157 1Citrix 1Metaframe Apr 16, 2026 Dec 31, 2003 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in login.asp in Citrix MetaFrame XP Server 1.0 allows remote attackers to inject arbitrary web script or HTML via the NFuse_Message parameter.
CVE-2001-0716 1Citrix 1Metaframe Apr 16, 2026 Dec 6, 2001 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Citrix MetaFrame 1.8 Server with Service Pack 3, and XP Server Service Pack 1 and earlier, allows remote attackers to cause a denial of service (crash) via a large number of incomplete connections to the server.
CVE-2001-0908 1Citrix 1Metaframe Apr 16, 2026 Nov 21, 2001 N/A· v4 N/A· v3 7.5 HIGH· v2 CITRIX Metaframe 1.8 logs the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through Network Addres...Show more CITRIX Metaframe 1.8 logs the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through Network Address Translation (NAT).Show less
CVE-2000-0244 1Citrix 2Metaframe Winframe Apr 16, 2026 Mar 29, 2000 N/A· v4 N/A· v3 10.0 HIGH· v2 The Citrix ICA (Independent Computing Architecture) protocol uses weak encryption (XOR) for user authentication.