Vulnerability Description
Citrix Online Plug-in for Windows for XenApp & XenDesktop before 11.2, Citrix Online Plug-in for Mac for XenApp & XenDesktop before 11.0, Citrix ICA Client for Linux before 11.100, Citrix ICA Client for Solaris before 8.63, and Citrix Receiver for Windows Mobile before 11.5 allow remote attackers to execute arbitrary code via (1) a crafted HTML document, (2) a crafted .ICA file, or (3) a crafted type field in an ICA graphics packet, related to a "heap offset overflow" issue.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Citrix | ICA Client for Linux | <= 11.0 |
| Citrix | ICA Client for Solaris | <= 8.62 |
| Citrix | Online Plug-in for Mac for XenApp & XenDesktop | <= 10.0 |
| Citrix | Online Plug-in for Windows for XenApp & XenDesktop | <= 11.1 |
| Citrix | Receiver for Windows Mobile | <= 11.0 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0040.html
- http://secunia.com/advisories/40808 (Vendor Advisory)
- http://support.citrix.com/article/CTX125975 (Patch, Vendor Advisory)
- http://www.securityfocus.com/archive/1/512861/100/0/threaded
FAQ
What is CVE-2010-2990?
CVE-2010-2990 is a vulnerability with a CVSS score of 9.3 (HIGH). Citrix Online Plug-in for Windows for XenApp & XenDesktop before 11.2, Citrix Online Plug-in for Mac for XenApp & XenDesktop before 11.0, Citrix ICA Client for Linux before 11.100, Citrix ICA Client f...
How severe is CVE-2010-2990?
CVE-2010-2990 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-2990?
Check the references section above for vendor advisories and patch information. Affected products include: Citrix ICA Client for Linux, Citrix ICA Client for Solaris, Citrix Online Plug-in for Mac for XenApp & XenDesktop, Citrix Online Plug-in for Windows for XenApp & XenDesktop, Citrix Receiver for Windows Mobile.