Arbitrary library loading vulnerability in NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access GatewayID: oval:org.secpod.oval:def:1993 | Date: (C)2011-08-23 (M)2021-09-11 |
Class: VULNERABILITY | Family: windows |
The host is installed with Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 and is prone to an arbitrary library loading vulnerability. A flaw is present in the ActiveX control in nsepa.ocx in the application, which tries to validate dll's by checking certificate subject instead of checking the signature. Successful exploitation could allow attackers to execute arbitrary code.
Platform: |
Microsoft Windows 7 |
Microsoft Windows Server 2003 |
Microsoft Windows Server 2008 |
Microsoft Windows Vista |
Microsoft Windows XP |
Product: |
Citrix Access Gateway |