Vulnerability Description
Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2) OpenPrinter functions.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Citrix | Metaframe | 1.0 |
| Citrix | Metaframe Presentation Server | 3.0 |
Related Weaknesses (CWE)
References
- http://osvdb.org/32958
- http://secunia.com/advisories/23869Vendor Advisory
- http://securitytracker.com/id?1017553
- http://support.citrix.com/article/CTX111686Vendor Advisory
- http://www.securityfocus.com/archive/1/458002/100/0/threaded
- http://www.securityfocus.com/bid/22217
- http://www.securityfocus.com/data/vulnerabilities/exploits/testlpc.c
- http://www.vupen.com/english/advisories/2007/0328Vendor Advisory
- http://www.zerodayinitiative.com/advisories/ZDI-07-006.html
- http://osvdb.org/32958
- http://secunia.com/advisories/23869Vendor Advisory
- http://securitytracker.com/id?1017553
- http://support.citrix.com/article/CTX111686Vendor Advisory
- http://www.securityfocus.com/archive/1/458002/100/0/threaded
- http://www.securityfocus.com/bid/22217
FAQ
What is CVE-2007-0444?
CVE-2007-0444 is a vulnerability with a CVSS score of 7.2 (HIGH). Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attacker...
How severe is CVE-2007-0444?
CVE-2007-0444 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-0444?
Check the references section above for vendor advisories and patch information. Affected products include: Citrix Metaframe, Citrix Metaframe Presentation Server.