Home page logo

pen-test logo Penetration Testing mailing list archives

Citrix application breakout - take care of Microsoft calculator
From: Stefan Gora <stefan.gora () secorvo de>
Date: Fri, 07 Mar 2008 12:13:39 +0100

Dear all,

I'm not shure if the following issue is already known or exciting, nevertheless the following attack vector found during a penetration test might be interesting:

A customer has built a Citrix environment for a partner company to provide access to a specific application. This application was intended to be the only application accessible for this partner. It was possible to get a remote task manager with CRTL-F3, but no other way of interacting with the Citrix Server (e.g. through printing or so).

Unfortunately they have integrated Microsoft's calculator into the application. A bad idea - guess why ;-).

Using the calculator you are able to do funny stuff: Open the calculator and click "info". Klick on the licence agreement and here you go, you have got an editor. With this you can use "open file" and browse the server, find for example Word and rightclick on "Open" - Word is running, and all other applications which you like as well ...

I think this can easily be fixed using more restrictive file permissions, but I thought maybe some of you might find this information useful.


Identity Management Symposium 22.-23.04.2008 KA/Ettlingen

Stefan Gora
Security Consultant

Secorvo Security Consulting GmbH
Ettlinger Strasse 12-14, D-76137 Karlsruhe
Tel. +49 721 255171-302, Fax +49 721 255171-100
stefan.gora () secorvo de, http://www.secorvo.de
PGP: 5EAD 34FE F3C1 0FEB  058F 4DD0 E6B3 FF4A

Mannheim HRB 108319, Geschaeftsfuehrer: Dirk Fox

This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]