CVE-2012-4603 — Improper Input Validation in Citrix Receiver

CWE-20 — Improper Input Validation3 documents3 sources

Severity

7.8HIGHNVD

EPSS

5.8%

top 9.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Receiver Citrix Xenapp Online Citrix Xenapp

Timeline

PublishedJan 10

Latest updateApr 23

Description

Citrix XenApp Online Plug-in for Windows 12.1 and earlier, and Citrix Receiver for Windows 3.2 and earlier could allow remote attackers to execute arbitrary code by convincing a target to open a specially crafted file from an SMB or WebDAV fileserver.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶NVDcitrix/xenapp_online12.1

▶NVDcitrix/receiver3.2

▶citrixcitrix/xenapp

🔴Vulnerability Details

GHSA

GHSA-777h-83ch-p736: Citrix XenApp Online Plug-in for Windows 12↗2022-04-23

▶

📋Vendor Advisories

Citrix

CVE-2012-4603: Citrix XenApp Online Plug-in for Windows 12.1 and earlier, and Citrix Receiver for Windows 3.2 and earlier could allow remote attackers to execute arb↗2020-01-10

▶