CVE-2010-2990 - Vulnerability Details - OpenCVE

Citrix Online Plug-in for Windows for XenApp & XenDesktop before 11.2, Citrix Online Plug-in for Mac for XenApp & XenDesktop before 11.0, Citrix ICA Client for Linux before 11.100, Citrix ICA Client for Solaris before 8.63, and Citrix Receiver for Windows Mobile before 11.5 allow remote attackers to execute arbitrary code via (1) a crafted HTML document, (2) a crafted .ICA file, or (3) a crafted type field in an ICA graphics packet, related to a "heap offset overflow" issue.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Citrix	Ica Client For Linux Ica Client For Solaris Online Plug-in For Mac For Xenapp \& Xendesktop Online Plug-in For Windows For Xenapp \& Xendesktop Receiver For Windows Mobile

Configuration 1 [-]

OR	cpe:2.3:a:citrix:ica_client_for_linux::::::::
	cpe:2.3:a:citrix:ica_client_for_solaris::::::::
	cpe:2.3:a:citrix:online_plug-in_for_mac_for_xenapp_\&_xendesktop::::::::
	cpe:2.3:a:citrix:online_plug-in_for_windows_for_xenapp_\&_xendesktop::::::::
	cpe:2.3:a:citrix:receiver_for_windows_mobile::::::::

No data.

References

Link	Providers
http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0040.html
http://secunia.com/advisories/40808
http://support.citrix.com/article/CTX125975
http://www.securityfocus.com/archive/1/512861/100/0/threaded

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-08-11T19:00:00

Updated: 2024-08-07T02:55:46.512Z

Reserved: 2010-08-11T00:00:00

Link: CVE-2010-2990

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-08-11T20:00:01.360

Modified: 2024-11-21T01:17:48.503

Link: CVE-2010-2990

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-08-04T00:00:00", "descriptions": [{"lang": "en", "value": "Citrix Online Plug-in for Windows for XenApp & XenDesktop before 11.2, Citrix Online Plug-in for Mac for XenApp & XenDesktop before 11.0, Citrix ICA Client for Linux before 11.100, Citrix ICA Client for Solaris before 8.63, and Citrix Receiver for Windows Mobile before 11.5 allow remote attackers to execute arbitrary code via (1) a crafted HTML document, (2) a crafted .ICA file, or (3) a crafted type field in an ICA graphics packet, related to a \"heap offset overflow\" issue."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20100804 Heap Offset Overflow in Citrix ICA Clients", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/512861/100/0/threaded"}, {"name": "20100804 Heap Offset Overflow in Citrix ICA Clients", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0040.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.citrix.com/article/CTX125975"}, {"name": "40808", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/40808"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-2990", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Citrix Online Plug-in for Windows for XenApp & XenDesktop before 11.2, Citrix Online Plug-in for Mac for XenApp & XenDesktop before 11.0, Citrix ICA Client for Linux before 11.100, Citrix ICA Client for Solaris before 8.63, and Citrix Receiver for Windows Mobile before 11.5 allow remote attackers to execute arbitrary code via (1) a crafted HTML document, (2) a crafted .ICA file, or (3) a crafted type field in an ICA graphics packet, related to a \"heap offset overflow\" issue."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20100804 Heap Offset Overflow in Citrix ICA Clients", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/512861/100/0/threaded"}, {"name": "20100804 Heap Offset Overflow in Citrix ICA Clients", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0040.html"}, {"name": "http://support.citrix.com/article/CTX125975", "refsource": "CONFIRM", "url": "http://support.citrix.com/article/CTX125975"}, {"name": "40808", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40808"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T02:55:46.512Z"}, "title": "CVE Program Container", "references": [{"name": "20100804 Heap Offset Overflow in Citrix ICA Clients", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/512861/100/0/threaded"}, {"name": "20100804 Heap Offset Overflow in Citrix ICA Clients", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0040.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.citrix.com/article/CTX125975"}, {"name": "40808", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/40808"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-2990", "datePublished": "2010-08-11T19:00:00", "dateReserved": "2010-08-11T00:00:00", "dateUpdated": "2024-08-07T02:55:46.512Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:citrix:ica_client_for_linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "B62D9D16-AE12-4DBE-8B61-457B8076E361", "versionEndIncluding": "11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:ica_client_for_solaris:*:*:*:*:*:*:*:*", "matchCriteriaId": "D4FBABF7-9597-445F-8E66-A0FA6E93CCDA", "versionEndIncluding": "8.62", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:online_plug-in_for_mac_for_xenapp_\\&_xendesktop:*:*:*:*:*:*:*:*", "matchCriteriaId": "9322085F-F701-4ABA-8286-84926694C51D", "versionEndIncluding": "10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:online_plug-in_for_windows_for_xenapp_\\&_xendesktop:*:*:*:*:*:*:*:*", "matchCriteriaId": "B1A5848B-CE27-4BF6-8BB1-BF3C37636BA9", "versionEndIncluding": "11.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:receiver_for_windows_mobile:*:*:*:*:*:*:*:*", "matchCriteriaId": "8709CC49-49D9-48F9-8559-A6E7A7E4ABE4", "versionEndIncluding": "11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Citrix Online Plug-in for Windows for XenApp & XenDesktop before 11.2, Citrix Online Plug-in for Mac for XenApp & XenDesktop before 11.0, Citrix ICA Client for Linux before 11.100, Citrix ICA Client for Solaris before 8.63, and Citrix Receiver for Windows Mobile before 11.5 allow remote attackers to execute arbitrary code via (1) a crafted HTML document, (2) a crafted .ICA file, or (3) a crafted type field in an ICA graphics packet, related to a \"heap offset overflow\" issue."}, {"lang": "es", "value": "Citrix Online Plug-in para Windows para XenApp & XenDesktop anterior v11.2, Citrix Online Plug-in para Mac para XenApp & XenDesktop anterior v11.0, Citrix ICA Client para Linux anterior v11.100, Citrix ICA Client para Solaris anterior v8.63, y Citrix Receiver para Windows Mobile before v11.5 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de (1) un documento\r\nHTML manipulado, (2) un fichero .ICA manipulado, o (3) un tipo de campo manipulado, en un paquete gr\u00e1fico ICA, relacionado con el tema de \"desbordamiento de pila offset\"."}], "id": "CVE-2010-2990", "lastModified": "2024-11-21T01:17:48.503", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-08-11T20:00:01.360", "references": [{"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0040.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/40808"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://support.citrix.com/article/CTX125975"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/512861/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0040.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/40808"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://support.citrix.com/article/CTX125975"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/512861/100/0/threaded"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}