Check: 2012-B-0094
Windows 7 IAVM:
2012-B-0094
(in version v1 r32)
Title
Citrix Receiver and Online Plug-in for Windows Remote Code Execution Vulnerability (Cat II impact)
Discussion
Citrix has released a security bulletin addressing a vulnerability in Citrix Receiver with Online Plug-In for Windows. Citrix Online Plug-In provides users with access to Citrix products like XenApp and XenDesktop servers. Citrix Receiver is an automated installer and updater for client devices. To exploit this vulnerability, an attacker would entice a user to access a malicious file from an SMB or WebDAV fileserver. If successfully exploited, this vulnerability would allow an attacker to execute arbitrary code on the client device in the context of the logged-in user.
Check Content
See IAVM notice and vendor bulletin for additional information.

Vulnerable Applications/Systems:

Citrix Receiver for Windows version prior to 3.3 with Online Plug-in for Windows version prior to 13.3

Citrix Online Plug-in for Windows version prior to 12.3

Verify the application's version number by using Help, About or similar menu selections. Ensure the Application/System version is at least the version listed below.

Citrix Receiver for Windows version 3.3 with Online Plug-in for Windows version 13.3 or later

Citrix Online Plug-in for Windows version 12.3 or later

Windows - Alternately, verify the version through the Support information link for the program in Add or Remove Programs or Programs and Features (Vista Forward). To expose the version column in Programs and Features, right-click somewhere in the column headers, select More and select Version.
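The version check above can also be scripted against the registry Uninstall entries that Programs and Features reads. The following is an added example, not part of the IAVM notice or the vendor bulletin. The DisplayName patterns are assumptions, and so is the rule that the 13.3 minimum applies to the Online Plug-in whenever a Receiver entry is present.

```powershell
# Minimum fixed versions, taken from the Check Content text.
$MinReceiver         = [version]'3.3'
$MinPluginWithRcvr   = [version]'13.3'  # Online Plug-in installed with Receiver
$MinPluginStandalone = [version]'12.3'  # Online Plug-in installed on its own

# Assumed DisplayName patterns; adjust to the names Programs and Features shows.
$ReceiverPattern = 'Citrix Receiver*'
$PluginPattern   = 'Citrix*online plug-in*'

# Per-machine uninstall entries (native and 32-bit-on-64-bit views).
$keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'

$citrix = @(Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like $ReceiverPattern -or
                   $_.DisplayName -like $PluginPattern })

# A Receiver entry is one that matches the Receiver pattern but not the plug-in pattern.
$hasReceiver = @($citrix | Where-Object {
    $_.DisplayName -like $ReceiverPattern -and
    $_.DisplayName -notlike $PluginPattern }).Count -gt 0

foreach ($app in $citrix) {
    if ($app.DisplayName -like $PluginPattern) {
        if ($hasReceiver) { $minimum = $MinPluginWithRcvr }
        else              { $minimum = $MinPluginStandalone }
    } else {
        $minimum = $MinReceiver
    }

    # DisplayVersion is free text; -as returns $null if it is not a version.
    $found = $app.DisplayVersion -as [version]
    if ($null -eq $found)        { $status = 'Review manually' }
    elseif ($found -ge $minimum) { $status = 'Not a finding' }
    else                         { $status = 'Finding' }

    New-Object PSObject -Property @{
        Name = $app.DisplayName; Version = $app.DisplayVersion
        Minimum = $minimum.ToString(); Status = $status
    } | Select-Object Name, Version, Minimum, Status
}
```

Only per-machine (HKLM) entries are read, so a per-user installation would not appear; no output means no matching entry was found, not that the system was verified.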
Fix Text
Additional Identifiers
Rule ID:
Vulnerability ID: V-33808
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |