Wednesday, October 10, 2007

Security Researcher Warns About Citrix Vulnerability

Thomas Claburn writes on InformationWeek:

A security consultancy has identified a vulnerability that could allow an attacker to gain "user access level on integrated remote Citrix servers."

GnuCitizen, which identifies itself as a "cutting-edge think tank" and a "creative hacker organization," has posted a warning about a cross-site request forgery attack that can be made in conjunction with a malicious Web site to trick a Citrix user into opening a specially crafted Citrix independent computer architecture (ICA) file that would compromise his or her system.

If successful, the attacker could gain the ability to execute remote commands at the victim's access level.

More here.

0 Comments:

Post a Comment

<< Home