Skip navigation

Two Vulnerabilities in Citrix Program Neighborhood Agent

Reported April 26 2005 by iDEFENSE


Program Neighborhood Agent for Win32

    Citrix MetaFrame Presentation Server client for WinCE


The Citrix Program Neighborhood Agent contains an unchecked buffer that could allow an intruder to run arbitrary code on an affected system. The code would run in the same security context as the user who is currently logged in to the system. The problem exists due to the way the agent software builds the filenames of icons associated with cache applications.

A second vulnerability could allow an intruder to create arbitrary shortcuts in a user's startup folder.


Citrix Systems has released updated versions of its client packages along with an article, "Vulnerabilities in Program Neighborhood Agent could allow arbitrary code execution," that describes the problem.


The unchecked buffer vulnerability was discovered by Patrik Karlsson and reported in conjunction with iDEFENSE. The shortcut creation vulnerability was discovered by iDEFENSE.

TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.