G04-3ty01
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
False Positive: t
Variants: 1
Year: 2004
Description
A buffer overflow vulnerability exists in the Citrix Program Neighborhood Agent. It can be triggered by sending a crafted XML response to the affected client. Successful exploitation allows arbitrary code execution with the privileges of the current user. In an attack scenario where arbitrary code is injected and executed on the target machine, the behavior of the target depends on the intent of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate as a result of the attack attempt, and that unexpected termination may be the only effect. Because the vulnerable product caches the crafted XML file on the target system, the result of the attack is repeated on each attempt to restart the agent application. To restart the vulnerable product successfully, the appdata.xml file under the AppCache directory must be deleted first; otherwise the product fails to restart. Note that because the attacker has to run a malicious server and entice the target to access it, the vulnerability is difficult to exploit.
CVE
References
http://secunia.com/advisories/15108