===================================================================== CERT-Renater Note d'Information No. 2014/VULN168 _____________________________________________________________________ DATE : 14/08/2014 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Windows running Citrix Access Gateway Enterprise Edition Plug-in for Windows. ====================================================================== http://support.citrix.com/article/CTX134303 ______________________________________________________________________ Vulnerabilities in Citrix Access Gateway Enterprise Edition Plug-in for Windows could result in arbitrary code execution CTX134303 Created On Aug 09, 2012 Updated On Aug 09, 2012 Security Bulletin See Applicable Products Severity: High Description of Problem Vulnerabilities have been identified in an ActiveX based component of the Citrix Access Gateway Enterprise Edition Plug-in for Windows. The vulnerabilities, when triggered, could result in arbitrary code being executed in the context of the browser user. Where clients are configured to allow ActiveX objects to be launched by untrusted websites, there is a risk that the client could be affected by these vulnerabilities. In such a deployment, the vulnerabilities could potentially be triggered by a malicious website that instantiates the ActiveX object. These vulnerabilities affect the following versions of the Access Gateway Enterprise Edition software: Version 10.0 prior to 10.0-69.4 Version 9.3 prior to 9.3-57.5 Version 9.2 all versions Version 9.1 all versions Version 9.0 all versions The Windows plug-in for Access Gateway Standard and Advanced Editions are not affected by this vulnerability. This vulnerability has been assigned the following CVE numbers: CVE-2011-2592 CVE-2011-2593 What Customers Should Do Citrix recommends that customers upgrade client and server components of their Citrix Access Gateway deployments to the latest versions. These can be obtained from the following location: https://www.citrix.com/English/ss/downloads/results.asp?productID=15005 As an additional mitigation step, customers should consider using the ActiveX killbit mechanism to prevent usage of the vulnerable control, this has the following CLSID: 391DFC1F-B9B9-4A3D-A352-9A541A3630A6 For more information on setting a killbit, please consult the Microsoft Knowledgebase at the following location: http://support.microsoft.com/kb/240797 What Citrix Is Doing Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Centre at http://support.citrix.com/. Obtaining Support on This Issue If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at http://www.citrix.com/site/ss/supportContacts.asp. Reporting Security Vulnerabilities to Citrix Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. If you would like to report a security issue to Citrix, please compose an e-mail to secure@citrix.com stating the exact version of the product in which the vulnerability was found and the steps needed to reproduce the vulnerability. Applicable Products Access Gateway 10 Access Gateway 9.0 Enterprise Edition Access Gateway 9.1 Enterprise Edition Access Gateway 9.2 Enterprise Edition Access Gateway 9.3 Enterprise Edition ========================================================= Serveur de référence du CERT-Renater https://services.renater.fr/ssi/ ========================================================== + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: cert@support.renater.fr + ==========================================================