Vulnerability CVE-2007-0444


Published: 2007-01-24   Modified: 2012-02-12

Description:
Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2) OpenPrinter functions.

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Citrix -> Metaframe 
Citrix -> Metaframe presentation server 

 References:
http://securitytracker.com/id?1017553
http://support.citrix.com/article/CTX111686
http://www.securityfocus.com/archive/1/458002/100/0/threaded
http://www.securityfocus.com/bid/22217
http://www.securityfocus.com/data/vulnerabilities/exploits/testlpc.c
http://www.vupen.com/english/advisories/2007/0328
http://www.zerodayinitiative.com/advisories/ZDI-07-006.html

Copyright 2024, cxsecurity.com

 

Back to Top