CVE-2007-0444: Buffer Overflow
First published: Wed Jan 24 2007(Updated: )
Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2) OpenPrinter functions.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Citrix MetaFrame | =1.0 | |
| Citrix Presentation Server | =3.0 | |
| Citrix Presentation Server | =4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.zerodayinitiative.com/advisories/ZDI-07-006.html
- http://support.citrix.com/article/CTX111686
- http://www.securityfocus.com/data/vulnerabilities/exploits/testlpc.c
- http://www.securityfocus.com/bid/22217
- http://securitytracker.com/id?1017553
- http://secunia.com/advisories/23869
- http://osvdb.org/32958
- http://www.vupen.com/english/advisories/2007/0328
- http://www.securityfocus.com/archive/1/458002/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2007-0444?
CVE-2007-0444 is considered a high severity vulnerability due to the potential for arbitrary code execution.
How do I fix CVE-2007-0444?
To fix CVE-2007-0444, apply the latest security patches provided by Citrix for affected versions.
Who is affected by CVE-2007-0444?
CVE-2007-0444 affects Citrix Presentation Server versions 4.0 and MetaFrame versions 3.0 and 1.0.
What types of attacks are possible due to CVE-2007-0444?
CVE-2007-0444 allows both local users and remote attackers to execute arbitrary code on the affected systems.
What components are involved in CVE-2007-0444?
CVE-2007-0444 involves a stack-based buffer overflow in the print provider library cpprov.dll.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/citrix
- canonical/citrix metaframe
- version/citrix metaframe/1.0
- canonical/citrix presentation server
- version/citrix presentation server/3.0
- version/citrix presentation server/4.0