The flaw could allow an attacker user-level access to execute remote commands on Citrix servers. A security consultancy has identified a vulnerability that could allow an attacker to gain "user access level on integrated remote Citrix servers." GnuCitizen, which identifies itself as a "cutting-edge think tank" and a "creative hacker organization," has posted a warning about a cross-site request forgery attack that can be made in conjunction with a malicious Web site to trick a Citrix user into opening a specially crafted Citrix independent computer architecture (ICA) file that would compromise his or her system.
If successful, the attacker could gain the ability to execute remote commands at the victim’s access level. Security researcher warns about Citrix vulnerability - Security - www.itnews.com.au
From around the Web
- How to Use Network Behavior Analysis Tools
- Apple updates Safari with 11 security fixes
- Mozilla fixes 11 Firefox flaws, six critical
- Google updates Chrome to third beta
- Firefox 3.1 beta arrives with JavaScript booster turned off
- The insider security threat in IT and financial services
- Windows 7 security: An overall improvement?
- Top 10 Network Security Threats
- Big leap in malicious Web sites
- Network security makes a quantum leap
- What is the Best Internet Browser to Surf the Web?
- Windows 7 UAC could be less of a nag
- Microsoft releases faster Desktop Search 4.0
- Vista users keen on SP1, but XP SP3 not so much
- Windows 7 Details In October, Microsoft Says