Context has identified a previously unknown vulnerability in the widely used Citrix ICA Client. Our consultant Michael Jordon has discovered that the Citrix Presentation Server Client (as tested on v10.150) does not perform bounds checking on the type field in an ICA "graphics" packet. This creates a theoretical opportunity for an attacker to carry out remote exploitation of any client device upon which the client has been installed.
An attacker would be a in a position to execute arbitrary code on the client device if a user can be lured into connecting to a server controlled by the attacker. This could happen if the user visited a malicious website or opened an untrusted email attachment. This issue has affected Windows, Windows Mobile, Linux and Solaris clients. The ICA client for Java, and the Citrix Receivers for iPhone/iPad and Android are not affected.
Citrix has updated the ICA client to resolve these issues. More details are available from the Citirix website.