Citrix Independent Computing Architecture (ICA) Client for Windows 6.1 allows remote malicious web sites to execute arbitrary code via a .ICA file, which is downloaded and automatically executed by the client.
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org.
Discovered by Michiel Kikkert - email@example.com and posted to the BugTraq mailing list on December 13, 2001.
Citrix ICA Client for Windows 6.1
Citrix ICA is a protocol used for remote application serving of terminal-based applications.
When the ICA client is installed on a Windows machine, it is associated with the .ICA file extension. Whenever an ICA file is referenced within a web page, the client machine will connect to the published application and execute it, without prompting the user.
Links concealed on pages, for example with hidden frames, could result in arbitrary code being executed on the client machine without the knowledge of the user.
No exploit code is required to take advantage of this issue.
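A defender reviewing page content (for instance at a web proxy or during an intranet audit) can look for the delivery pattern described above. The following Python code is an added example, not part of the original advisory: it lists references to .ICA files in a page and notes which ones load without a click and which are visually concealed. The sample HTML, the host name and the concealment heuristics (zero-size or CSS-hidden elements) are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Elements the browser fetches on page load, and the attribute holding the URL.
AUTO_LOAD = {"frame": "src", "iframe": "src", "embed": "src", "object": "data"}
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
ZERO = {"0", "0px", "0%"}

def is_ica(url):
    """True if the URL path ends in .ica; query string and fragment are ignored."""
    return urlsplit(url.strip()).path.lower().endswith(".ica")

class IcaRefFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (tag, url, loads_without_click, concealed)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag in AUTO_LOAD:
            url, auto = a.get(AUTO_LOAD[tag], ""), True
        elif tag == "a":
            url, auto = a.get("href", ""), False  # needs a user click
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            # e.g. content="0; url=/start.ica"
            m = re.search(r"url\s*=\s*['\"]?([^'\";]+)", a.get("content", ""), re.I)
            url, auto = (m.group(1) if m else ""), True
        else:
            return
        if not is_ica(url):
            return
        zero_size = a.get("width", "").strip() in ZERO or a.get("height", "").strip() in ZERO
        concealed = zero_size or bool(HIDDEN_STYLE.search(a.get("style", "")))
        self.findings.append((tag, url, auto, concealed))

def find_ica_references(html):
    parser = IcaRefFinder()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page (not taken from the advisory).
SAMPLE = """<html><head><meta http-equiv="refresh" content="0; url=/start.ica"></head><body>
<a href="/apps/notepad.ica">Launch Notepad</a>
<iframe src="http://apps.example/published.ICA?x=1" width="0" height="0"></iframe>
<iframe src="/help.html" style="display:none"></iframe>
</body></html>"""

if __name__ == "__main__":
    for tag, url, auto, concealed in find_ica_references(SAMPLE):
        print(f"{tag:7} {url:40} auto-load={auto} concealed={concealed}")
```

Entries with both flags set match the hidden-frame case; a frame hidden only through its parent frameset's `rows`/`cols` sizing is not detected by this element-level check.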