Executive Summary

Title Citrix Presentation Server heap based buffer overflow
Name VU#412228 First vendor Publication 2008-01-22
Vendor VU-CERT Last vendor Modification 2008-01-22
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


Vulnerability Note VU#412228

Citrix Presentation Server heap based buffer overflow


A heap-based buffer overflow in Citrix Presentation Server may allow a remote attacker to execute arbitrary code on an vulnerable system in the context of the system user.

I. Description

Citrix Presentation Server is an application delivery system providing access to users accross a network. Presentation Server includes the Independent Management Architecture (IMA) service, which is responsible for the deployment of applications, policies, and other resources of remote hosts. The IMA service (ImaSrv.exe) listens by default on 2512/tcp or 2513/tcp. The service contains a boundary error which can be exploited by an attacker by sending a maliciously crafted packet to port 2512/tcp or 2513/tcp to initiate the buffer overflow.

II. Impact

By sending a maliciously crafted packet to port 2512/tcp or 2513/tcp, a remote attacker could execute arbitrary code on an vulnerable system in the context of the system user.

III. Solution

Apply the updates to this vulnerability as provided in Citrix Knowledge Center Article CTX114487.

Systems Affected

VendorStatusDate Updated




This vulnerability was discovered by Eric Detoisien and reported via TippingPoint/ZDI.

This document was written by Joseph W. Pruszynski.

Other Information

Date Public01/17/2008
Date First Published01/22/2008 04:52:13 PM
Date Last Updated01/22/2008
CERT Advisory 
CVE Name 
Document Revision18

Original Source

Url : http://www.kb.cert.org/vuls/id/412228

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

Application 3
Application 1
Application 6
Application 1

Open Source Vulnerability Database (OSVDB)

Id Description
40860 Citrix Presentation Server Independent Management Architecture (IMA) Service ...

A remote overflow exists in Citrix Presentation Server Independent Management Architecture Service. The service fails to validate a parameter used for memory allocation, which may result in a heap overflow if an attacker sends an overly large packet. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of confidentiality, integrity, or availability.

Information Assurance Vulnerability Management (IAVM)

Date Description
2008-01-30 IAVM : 2008-T-0004 - Citrix Presentation Server IMA Service Buffer Overflow Vulnerability
Severity : Category II - VMSKEY : V0015730

Snort® IPS/IDS

Date Description
2014-01-10 Citrix MetaFrame IMA buffer overflow attempt
RuleID : 13519 - Revision : 9 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date Description
2013-07-30 Name : The remote host has a virtualization application installed that is affected b...
File : citrix_presentation_server_ctx114487.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
Date Informations
2014-02-17 12:07:49
  • Multiple Updates