CVE-2010-2990 Information

Description

Citrix Online Plug-in for Windows for XenApp & XenDesktop before 11.2 Citrix Online Plug-in for Mac for XenApp & XenDesktop before 11.0 Citrix ICA Client for Linux before 11.100 Citrix ICA Client for Solaris before 8.63 and Citrix Receiver for Windows Mobile before 11.5 allow remote attackers to execute arbitrary code via (1) a crafted HTML document (2) a crafted .ICA file or (3) a crafted type field in an ICA graphics packet related to a \heap offset overflow\ issue.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0040.html http://secunia.com/advisories/40808 http://support.citrix.com/article/CTX125975 http://www.securityfocus.com/archive/1/512861/100/0/threaded