The host is installed with Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 and is prone to an arbitrary library loading vulnerability. A flaw is present in the ActiveX control in nsepa.ocx in the application, which tries to validate dll's by checking certificate subject instead of checking the signature. Successful exploitation could allow attackers to execute arbitrary code.