CVE-2011-2883

The NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 attempts to validate signed DLLs by checking the certificate subject, not the signature, which allows man-in-the-middle attackers to execute arbitrary code via HTTP header data referencing a DLL that was signed with a crafted certificate.

Published: Jul 22, 2011
Updated: Apr 13, 2023
CVE: CVE-2011-2883
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
citrix / access_gateway	8.1	8.1.x
citrix / access_gateway	9.0	9.0.x
citrix / access_gateway	9.1	9.1.x

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=928

Vulnerability Database

290,206

CVE-2011-2883