Citrix.IMA.Service.Remote.Command.Execution
Description
This indicates an attack attempt against a heap-overflow vulnerability in Citrix Independent Management Architecture service (ImaSrv.exe).
The vulnerability is caused by an error when the vulnerable software handles malformed data to TCP ports 2512 and 2513. It allows a remote attacker to execute arbitrary code.
Affected Products
Metaframe Presentation Server 3.0
Presentation Server 4.0, 4.5
Access Essentials 1.0, 1.5, 2.0
Desktop Server 1.0
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Install the update available at the following web site:
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |