Title: Citrix Metaframe Java ICA Environment Denial Of Service Vulnerability
Severity: HIGH
Description:
Citrix Metaframe is a commercially available remote desktop application. This issue affects Metaframe on the Microsoft Windows platform.
A problem with Citrix Metaframe could make it possible for a remote user to crash the system.
It has been discovered that Metaframe can be made unstable. By connecting to the Metaframe server using custom-crafted Java ICA files, a remote user may be able to create instability in the Metaframe server. The server typically reacts by disconnecting all users, and either crashing and requiring a manual reboot, or crashing and rebooting.
The problem is in the handling of variables specified in the Java ICA files. Though the exact nature of this vulnerability is unknown, an attacker needs only to edit a Java ICA file. When the file is loaded in a browser such as Internet Explorer, the browser is set to full-screen mode, and the page is refreshed, the vulnerable server hosting Citrix crashes.
Affected Products:
- Citrix MetaFrame for Windows NT 4.0 TSE 1.8.0