Citrix Beta Online Plug-in Full version 11.2 – Overview August 10, 2009 November 5, 2019 Stephane Thirion Citrix, Receiver, Windows 7, XenApp Plugin Citrix ICA, Citrix Program Neighborhood, ICA Client, Online Plug-in, PNAgent.
- Citrix Online Plug-in Web can be installed on 32-bit and 64-bit versions of Windows XP/Vista/7/8/10. Our antivirus check shows that this download is safe. This free software is a product of Citrix Systems, Inc.
- Citrix online plug-in dv at UpdateStar More Citrix Online Plug-in 12.3.0.8. Citrix Online, a division of Citrix Systems, Inc.
- To Citrix for producing the most unintuitive install since MS-DOS 4 The second Wow! To Antonio Pereira for figuring out this workaround!
- Citrix Plug-in 11.2 released! RIP Program Neighborhood. Last month, I posted my findings on the beta releases of XenApp 4.5/5.0 HRP5 for Windows 2003 and the 11.2 Plug-in. Today, Citrix released the final Citrix XenApp Online Plug-In 11.2 (formally called XenApp client). See my previous post on more detail on the new features and changes this.
This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.
Current Description
Citrix Online Plug-in for Windows for XenApp & XenDesktop before 11.2, Citrix Online Plug-in for Mac for XenApp & XenDesktop before 11.0, Citrix ICA Client for Linux before 11.100, Citrix ICA Client for Solaris before 8.63, and Citrix Receiver for Windows Mobile before 11.5 allow remote attackers to execute arbitrary code via (1) a crafted HTML document, (2) a crafted .ICA file, or (3) a crafted type field in an ICA graphics packet, related to a 'heap offset overflow' issue.
Analysis Description
Citrix Online Plug-in for Windows for XenApp & XenDesktop before 11.2, Citrix Online Plug-in for Mac for XenApp & XenDesktop before 11.0, Citrix ICA Client for Linux before 11.100, Citrix ICA Client for Solaris before 8.63, and Citrix Receiver for Windows Mobile before 11.5 allow remote attackers to execute arbitrary code via (1) a crafted HTML document, (2) a crafted .ICA file, or (3) a crafted type field in an ICA graphics packet, related to a 'heap offset overflow' issue.
Severity
CVSS 3.x Severity and Metrics:Citrix Online Plug-in 11.2 Inch
NVD Analysts use publicly available information to associate vector strings and CVSS scores. We also display any CVSS information provided within the CVE List from the CNA.
Note: NVD Analysts have not published a CVSS score for this CVE at this time. NVD Analysts use publicly available information at the time of analysis to associate CVSS vector strings.
Citrix Online Plug-in 11.22
Weakness Enumeration
| CWE-ID | CWE Name | Source |
|---|---|---|
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | NIST |
Known Affected Software Configurations Switch to CPE 2.2
Citrix Online Plug In 11.2 Download
Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.