module

Citrix Gateway ActiveX Control Stack Based Buffer Overflow Vulnerability

Disclosed	Created
Jul 14, 2011	May 30, 2018

Disclosed

Jul 14, 2011

Created

May 30, 2018

Description

This module exploits a stack based buffer overflow in the Citrix Gateway
ActiveX control. Exploitation of this vulnerability requires user interaction.
The victim must click a button in a dialog to begin a scan. This is typical
interaction that users should be accustom to.

Exploitation results in code execution with the privileges of the user who
browsed to the exploit page.

Authors

Michal Trojnara
bannedit [email protected]
sinn3r [email protected]

Platform

Windows

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':


    msf > use exploit/windows/browser/citrix_gateway_actx
    msf exploit(citrix_gateway_actx) > show targets
        ...targets...
    msf exploit(citrix_gateway_actx) > set TARGET < target-id >
    msf exploit(citrix_gateway_actx) > show options
        ...show and set options...
    msf exploit(citrix_gateway_actx) > exploit

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today