|TREND MICRO CUSTOMER PROTECTION||Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 4494. For further product information on the TippingPoint IPS: http://www.tippingpoint.com|
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Citrix MetaFrame Presentation Server. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the routine IMA_SECURE_DecryptData1() defined in ImaSystem.dll and is reachable through the Independant Management Architecture (IMA) service (ImaSrv.exe) that listens on TCP port 2512 or 2513. The encryption scheme used is reversible and relies on several 32-bit fields indicating the size of the packet and the offsets to the authentication strings. During the decryption of authentication data an attacker can specify invalid sizes that result in an exploitable heap corruption.
Citrix has issued an update to correct this vulnerability. More details can be found at:
|CREDIT||Eric Detoisien and an anonymous researcher