Unrated severityNVD Advisory· Published Nov 10, 2006· Updated Apr 23, 2026
CVE-2006-5821
CVE-2006-5821
Description
Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service (ImaSrv.exe) with invalid size values that trigger the overflow during decryption.
Affected products
5cpe:2.3:a:citrix:metaframe:1.0:*:windows_2000:*:*:*:*:*+ 1 more
- cpe:2.3:a:citrix:metaframe:1.0:*:windows_2000:*:*:*:*:*
- cpe:2.3:a:citrix:metaframe:3.0:*:microsoft_windows_2000:*:*:*:*:*
cpe:2.3:a:citrix:metaframe_presentation_server:4.0:*:64-bit:*:*:*:*:*+ 2 more
- cpe:2.3:a:citrix:metaframe_presentation_server:4.0:*:64-bit:*:*:*:*:*
- cpe:2.3:a:citrix:metaframe_presentation_server:4.0:*:microsoft_windows_2000:*:*:*:*:*
- cpe:2.3:a:citrix:metaframe_presentation_server:4.0:*:microsoft_windows_2003:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- support.citrix.com/article/CTX111186nvdPatch
- secunia.com/advisories/22802nvd
- securitytracker.com/idnvd
- www.securityfocus.com/archive/1/451337/100/100/threadednvd
- www.securityfocus.com/bid/20986nvd
- www.vupen.com/english/advisories/2006/4429nvd
- www.zerodayinitiative.com/advisories/ZDI-06-038.htmlnvd
- exchange.xforce.ibmcloud.com/vulnerabilities/30148nvd
News mentions
0No linked articles in our index yet.