CVE-2011-2593
Published 2014-08-12
Priority P339 · medium · 6.8 (CVSS 2.0)
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 3.99% (89.2th percentile)
Integer overflow in the StartEpa method in the nsepacom ActiveX control (nsepa.exe) in Citrix Access Gateway Enterprise Edition Plug-in for Windows 9.x before 9.3-57.5 and 10.0 before 10.0-69.4 allows remote attackers to execute arbitrary code via a crafted Content-Length HTTP header, which triggers a heap-based buffer overflow.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | access_gateway_plug-in | <= 9.3 | — |
| citrix | access_gateway_plug-in | — | — |
| citrix | citrix_adm | — | — |
| citrix | citrix_hypervisor | — | — |
| citrix | citrix_virtual_apps_and_desktops | — | — |
| citrix | endpoint_management | — | — |
| citrix | netscaler_adc | — | — |
| citrix | netscaler_gateway | — | — |
| citrix | xenserver | — | — |
Citrix
vendor_citrix · 2014-08-12 · CVSS 6.8
CVE-2011-2593 [MEDIUM] CWE-189
CVE-2011-2593: Integer overflow in the StartEpa method in the nsepacom ActiveX control (nsepa.exe) in Citrix Access Gateway Enterprise Edition Plug-in for Windows 9.x before 9.3-57.5 and 10.0 before 10.0-69.4 allows remote attackers to execute arbitrary code via a crafted Content-Length HTTP header, which triggers a heap-based buffer overflow.
Citrix
Citrix Security Bulletin CTX134303
vendor_citrix · CVSS 9.3
CVE-2011-2592 [CRITICAL]
CVE References: CVE-2011-2592, CVE-2011-2593, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
Citrix
Citrix Security Bulletin CTX134303
vendor_citrix · CVSS 6.8
CVE-2011-2593 [MEDIUM]
CVE References: CVE-2011-2593, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
GHSA
GHSA-fxxh-pp9v-6qr6
ghsa_unreviewed · 2022-05-17
CVE-2011-2593 [MEDIUM]
Integer overflow in the StartEpa method in the nsepacom ActiveX control (nsepa.exe) in Citrix Access Gateway Enterprise Edition Plug-in for Windows 9.x before 9.3-57.5 and 10.0 before 10.0-69.4 allows remote attackers to execute arbitrary code via a crafted Content-Length HTTP header, which triggers a heap-based buffer overflow.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://secunia.com/advisories/45299
http://secunia.com/secunia_research/2012-26
http://support.citrix.com/article/CTX134303
https://exchange.xforce.ibmcloud.com/vulnerabilities/77317
Published: 2014-08-12