Vulnerability in Citrix Presentation Server’s print provider could result in arbitrary code execution
Severity: High
Description of Problem
The Citrix print provider is used by Citrix Presentation Server to allow users to print to their local printer from published applications. A buffer overflow vulnerability has been reported in this component, this can be exploited by either:
A local API call
An unauthenticated RPC request
This overflow could be used to execute arbitrary code in the context of the Local System account.
This vulnerability is present in all versions of Citrix MetaFrame XP and Presentation Server up to and including 4.0.
Mitigating Factors
Access to the RPC interface would be needed to remotely exploit this issue. In typical deployments of Citrix Presentation Server this interface would not be externally accessible.
What Customers Should Do
A hotfix has been released to address both of these issues. Citrix recommends that affected customers install the hotfix which can be downloaded from the following locations:
MetaFrame XP 1.0 for Windows 2000 Server:
EN - http://support.citrix.com/article/CTX111648
FR - http://support.citrix.com/article/CTX111650
GE - http://support.citrix.com/article/CTX111651
JA - http://support.citrix.com/article/CTX111655
ES - http://support.citrix.com/article/CTX111653
MetaFrame XP 1.0 for Windows Server 2003:
EN - http://support.citrix.com/article/CTX111657
FR - http://support.citrix.com/article/CTX111658
GE - http://support.citrix.com/article/CTX111659
JA - http://support.citrix.com/article/CTX111661
ES - http://support.citrix.com/article/CTX111660
MetaFrame Presentation Server 3.0 for Windows 2000 Server:
EN - http://support.citrix.com/article/CTX111992
FR - http://support.citrix.com/article/CTX111993
GE - http://support.citrix.com/article/CTX111994
JA - http://support.citrix.com/article/CTX111996
ES - http://support.citrix.com/article/CTX111995
MetaFrame Presentation Server 3.0 for Windows Server 2003:
EN - http://support.citrix.com/article/CTX111970
FR - http://support.citrix.com/article/CTX111972
GE - http://support.citrix.com/article/CTX111973
JA - http://support.citrix.com/article/CTX111971
ES - http://support.citrix.com/article/CTX111974
Citrix Presentation Server 4.0 for Windows 2000 Server:
EN - http://support.citrix.com/article/CTX111949
FR - http://support.citrix.com/article/CTX111950
GE - http://support.citrix.com/article/CTX111951
JA - http://support.citrix.com/article/CTX111953
ES - http://support.citrix.com/article/CTX111952
Citrix Presentation Server 4.0 for Windows Server 2003:
EN - http://support.citrix.com/article/CTX111925
FR - http://support.citrix.com/article/CTX111926
GE - http://support.citrix.com/article/CTX111927
JA - http://support.citrix.com/article/CTX111929
ES - http://support.citrix.com/article/CTX111928
Citrix Presentation Server 4.0 for Windows Server 2003 x64 Editions:
EN - http://support.citrix.com/article/CTX111643
FR - http://support.citrix.com/article/CTX111645
GE - http://support.citrix.com/article/CTX111644
JA - http://support.citrix.com/article/CTX111654
ES - http://support.citrix.com/article/CTX111652
Acknowledgements
Citrix thanks TippingPoint and the Zero Day Initiative for working with us to protect customers.