Citrix Metaframe Instability

vendor:

Metaframe

by:

SecurityFocus

7.5

CVSS

HIGH

Buffer Overflow

120

CWE

Product Name: Metaframe

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: Yes

Related CWE: N/A

CPE: a:citrix:metaframe

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Microsoft Windows

2002

Citrix Metaframe Instability

It has been discovered that Metaframe can be made to become unstable. By connecting to the Metaframe server using custom-crafted Java ICA files, a remote user may be able to create instability in the Metaframe server. The server typically reacts to this vulnerability by disconnecting all users, and either crashing requiring a manual reboot, or crashing and rebooting.

Mitigation:

The vendor has released a patch to address this issue.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5439/info

Citrix Metaframe is a commercial available remote desktop application. This issue affects Metaframe on the Microsoft Windows platform.

It has been discovered that Metaframe can be made to become unstable. By connecting to the Metaframe server using custom-crafted Java ICA files, a remote user may be able to create instability in the Metaframe server. The server typically reacts to this vulnerability by disconnecting all users, and either crashing requiring a manual reboot, or crashing and rebooting.

Change the following value:

applet code="com.citrix.JICA.class" archive="jicaengn.jar" width="800"
height="600"

to:

applet code="com.citrix.JICA.class" archive="jicaengn.jar" width=100%
height=100%

Load in a browser, set the browser to full-screen mode, and refresh.