{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"ICA WIn32 Program Neighborhood Client ;","product":{"name":"N/A","vendor":{"name":"Citrix","scada":false}}},{"description":"ICA WIn32 Web Client.","product":{"name":"N/A","vendor":{"name":"Citrix","scada":false}}},{"description":"Citrix Presentation Manager Server ;","product":{"name":"N/A","vendor":{"name":"Citrix","scada":false}}},{"description":"ICA WIn32 Program Neighborhood Agent ;","product":{"name":"N/A","vendor":{"name":"Citrix","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nLe serveur Citrix Presentation Manager Server fournit un composant\nActiveX qui permet l'int\u00e9gration du client dans des pages web. Une\nvuln\u00e9rabilit\u00e9 dans ce composant permet d'ex\u00e9cuter du code arbitraire\ndans le contexte du processus du serveur. Cette attaque utilise une page\nweb sp\u00e9cialement con\u00e7ue \u00e0 cet effet.\n\n## Solution\n\nLa version 9.230 du serveur Citrix Presentation Manager Server corrige\nle probl\u00e8me. Se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour\nl'obtention des correctifs (cf. section Documentation).\n","cves":[],"links":[],"reference":"CERTA-2006-AVI-532","revisions":[{"description":"version initiale.","revision_date":"2006-12-06T00:00:00.000000"}],"risks":[{"description":"Ex\u00e9cution de code arbitraire"}],"summary":"Une vuln\u00e9rabilit\u00e9 dans un composant ActiveX permet d'ex\u00e9cuter du code\narbitraire.\n","title":"Vuln\u00e9rabilit\u00e9 de Citrix","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Citrix CTX111827 du 04 d\u00e9cembre 2006","url":"http://support.citrix.com/article/CTX111827.html"}]}