CVE-2006-6334 - OpenCVE

Heap-based buffer overflow in the SendChannelData function in wfica.ocx in Citrix Presentation Server Client before 9.230 for Windows allows remote malicious web sites to execute arbitrary code via a DataSize parameter that is less than the length of the Data buffer.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Citrix	Presentation Server Client

Configuration 1 [-]

cpe:2.3:a:citrix:presentation_server_client:*:*:windows:*:*:*:*:*

References

Link	Resource
http://fortconsult.net/files/fortconsult.dk/citrix_advisory_dec2006.pdf
http://secunia.com/advisories/23246	Vendor Advisory
http://securityreason.com/securityalert/1995
http://securitytracker.com/id?1017343	Patch Vendor Advisory
http://support.citrix.com/article/CTX111827	Exploit Patch Vendor Advisory
http://www.citrix.com/English/SS/downloads/downloads.asp?dID=2755	Patch Vendor Advisory
http://www.kb.cert.org/vuls/id/210969	US Government Resource
http://www.securityfocus.com/archive/1/453760/100/0/threaded
http://www.securityfocus.com/bid/21458	Vendor Advisory
http://www.tippingpoint.com/security/advisories/TSRT-06-15.html	Exploit Patch Vendor Advisory
http://www.vupen.com/english/advisories/2006/4865
https://exchange.xforce.ibmcloud.com/vulnerabilities/30740
https://www.exploit-db.com/exploits/5106

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-12-08T01:00:00

Updated: 2018-10-17T20:57:01

Reserved: 2006-12-06T00:00:00

Link: CVE-2006-6334

JSON object: View

NVD Information

Status : Modified

Published: 2006-12-08T01:28:00.000

Modified: 2018-10-17T21:47:44.300

Link: CVE-2006-6334

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-12-04T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the SendChannelData function in wfica.ocx in Citrix Presentation Server Client before 9.230 for Windows allows remote malicious web sites to execute arbitrary code via a DataSize parameter that is less than the length of the Data buffer."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "23246", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23246"}, {"name": "1995", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/1995"}, {"name": "ADV-2006-4865", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4865"}, {"name": "citrix-wfica-bo(30740)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30740"}, {"name": "21458", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21458"}, {"name": "5106", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/5106"}, {"name": "VU#210969", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/210969"}, {"tags": ["x_refsource_MISC"], "url": "http://www.tippingpoint.com/security/advisories/TSRT-06-15.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.citrix.com/article/CTX111827"}, {"tags": ["x_refsource_MISC"], "url": "http://fortconsult.net/files/fortconsult.dk/citrix_advisory_dec2006.pdf"}, {"name": "1017343", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017343"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.citrix.com/English/SS/downloads/downloads.asp?dID=2755"}, {"name": "20061207 TSRT-06-15: Citrix Presentation Server Client ActiveX Heap Overflow Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/453760/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6334", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Heap-based buffer overflow in the SendChannelData function in wfica.ocx in Citrix Presentation Server Client before 9.230 for Windows allows remote malicious web sites to execute arbitrary code via a DataSize parameter that is less than the length of the Data buffer."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "23246", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23246"}, {"name": "1995", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1995"}, {"name": "ADV-2006-4865", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4865"}, {"name": "citrix-wfica-bo(30740)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30740"}, {"name": "21458", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21458"}, {"name": "5106", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/5106"}, {"name": "VU#210969", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/210969"}, {"name": "http://www.tippingpoint.com/security/advisories/TSRT-06-15.html", "refsource": "MISC", "url": "http://www.tippingpoint.com/security/advisories/TSRT-06-15.html"}, {"name": "http://support.citrix.com/article/CTX111827", "refsource": "CONFIRM", "url": "http://support.citrix.com/article/CTX111827"}, {"name": "http://fortconsult.net/files/fortconsult.dk/citrix_advisory_dec2006.pdf", "refsource": "MISC", "url": "http://fortconsult.net/files/fortconsult.dk/citrix_advisory_dec2006.pdf"}, {"name": "1017343", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017343"}, {"name": "http://www.citrix.com/English/SS/downloads/downloads.asp?dID=2755", "refsource": "CONFIRM", "url": "http://www.citrix.com/English/SS/downloads/downloads.asp?dID=2755"}, {"name": "20061207 TSRT-06-15: Citrix Presentation Server Client ActiveX Heap Overflow Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/453760/100/0/threaded"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6334", "datePublished": "2006-12-08T01:00:00", "dateReserved": "2006-12-06T00:00:00", "dateUpdated": "2018-10-17T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:citrix:presentation_server_client:*:*:windows:*:*:*:*:*", "matchCriteriaId": "A4D7FFE0-939F-4A9A-8FA2-B9AA812E87A7", "versionEndIncluding": "9.200", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the SendChannelData function in wfica.ocx in Citrix Presentation Server Client before 9.230 for Windows allows remote malicious web sites to execute arbitrary code via a DataSize parameter that is less than the length of the Data buffer."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en mont\u00f3n en la funci\u00f3n SendChannelData en wfica.ocx de Citrix Presentation Server Client versiones anteriores a 9.230 para Windows permite a sitios web remotos maliciosos ejecutar c\u00f3digo de su elecci\u00f3n mediante un par\u00e1metro DataSize que es menor que la longitud del b\u00fafer Data."}], "id": "CVE-2006-6334", "lastModified": "2018-10-17T21:47:44.300", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2006-12-08T01:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://fortconsult.net/files/fortconsult.dk/citrix_advisory_dec2006.pdf"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23246"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1995"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://securitytracker.com/id?1017343"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://support.citrix.com/article/CTX111827"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.citrix.com/English/SS/downloads/downloads.asp?dID=2755"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/210969"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/453760/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.securityfocus.com/bid/21458"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.tippingpoint.com/security/advisories/TSRT-06-15.html"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4865"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30740"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/5106"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}