Context discovers Citrix vulnerability
Context has identified a previously unknown vulnerability in the widely used Citrix ICA Client. Our consultant Michael Jordon has discovered that the Citrix Presentation Server Client (as tested on v10.150) does not perform bounds checking on the type field in an ICA "graphics" packet. This creates a theoretical opportunity for an attacker to carry out remote exploitation of any client device upon which the client has been installed.
An attacker would be in a position to execute arbitrary code on the client device if a user can be lured into connecting to a server controlled by the attacker. This could happen if the user visited a malicious website or opened an untrusted email attachment. This issue has affected Windows, Windows Mobile, Linux and Solaris clients. The ICA client for Java, and the Citrix Receivers for iPhone/iPad and Android are not affected.