Vigil@nce - Citrix XenApp: code execution via the XML Service Interface component
December 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send a specially ill formed request to the XML
Service Interface component of Citrix XenApp, in order to make it
execute arbitrary machine code.
Impacted products: XenApp
Severity: 2/4
Creation date: 13/12/2012
DESCRIPTION OF THE VULNERABILITY
An attacker can send a specially ill formed request to the XML
Service Interface component of Citrix XenApp, in order to make it
execute arbitrary machine code.
Technicals details are unknown.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN