Vigil@nce: Citrix Receiver, Online Plug-in, code execution via DLL Preload
September 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can create a malicious DLL and invite the victim to
open a document with Citrix Online Plug-in in the same directory,
in order to execute code.
– Impacted products: XenApp
– Severity: 2/4
– Creation date: 12/09/2012
DESCRIPTION OF THE VULNERABILITY
The Citrix Online Plug-in (Citrix Receiver, XenApp Plug-in)
product loads a DLL when a file is opened.
However, the library is loaded insecurely. An attacker can thus
use the VIGILANCE-VUL-9879 (https://vigilance.fr/tree/1/9879)
vulnerability to execute code.
An attacker can therefore create a malicious DLL and invite the
victim to open a document with Citrix Online Plug-in in the same
directory, in order to execute code.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN