Citrix MetaFrame XP family servers rely on client-supplied configuration when permitting access to published applications. Attackers may change the Citrix ICA Client .ICA configuration file to execute arbitrary programs instead of published applications. Exploitation of this vulnerability may allow for remote compromise. To exploit this issue, the attacker must know details about valid servers/published applications and be able to authenticate. .ICA files are only relied upon in Citrix networks that do not use an NFuse server to handle access to published applications.