SHELLCODE: Decoder Loop 1 (UDP-CTS)

This signature detects a known malicious shellcode decoder. Decoders are used to hide malicious shellcode from detection.

Extended Description

The Citrix Program Neighborhood is prone to a stack-based overflow. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer. This issue allows remote attackers to execute arbitrary machine code in the context of vulnerable client applications. In order to exploit this issue, affected clients must connect to a malicious server. Attacks against the DNS infrastructure used by clients, social engineering, or other methods may be employed to achieve this. Alternatively, attackers must have access to a computer in the same LAN as targeted clients. Versions 9.1 and prior of the Citrix Program Neighborhood client are vulnerable to this issue.

Affected Products

Citrix ica_program_neighborhood_client

References

BugTraq: 15907

CVE: CVE-2005-3652

Short Name: SHELLCODE:ACTIVE:DCDR-1-UDP-CTS
Severity: Critical
Recommended: False
Recommended Action: Drop
Category: SHELLCODE
Keywords: (UDP-CTS) 1 CVE-2005-3652 Decoder Loop bid:15907
Release Date: 10/20/2010
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3710
Port: UDP/0-52,54-66,70-122,124,136,140-160,163-388,390-635,637-65535
False Positive: Unknown
Vendors

Citrix
