Unrated severityNVD Advisory· Published Aug 11, 2010· Updated Apr 29, 2026

CVE-2010-2990

Description

Citrix Online Plug-in for Windows for XenApp & XenDesktop before 11.2, Citrix Online Plug-in for Mac for XenApp & XenDesktop before 11.0, Citrix ICA Client for Linux before 11.100, Citrix ICA Client for Solaris before 8.63, and Citrix Receiver for Windows Mobile before 11.5 allow remote attackers to execute arbitrary code via (1) a crafted HTML document, (2) a crafted .ICA file, or (3) a crafted type field in an ICA graphics packet, related to a "heap offset overflow" issue.

Affected products

Citrix Systems/Ica Client For Linux
cpe:2.3:a:citrix:ica_client_for_linux:*:*:*:*:*:*:*:*
Range: <=11.0
Citrix Systems/Ica Client For Solaris
cpe:2.3:a:citrix:ica_client_for_solaris:*:*:*:*:*:*:*:*
Range: <=8.62
Citrix Systems/Online Plug In For Mac For Xenapp \& Xendesktop
cpe:2.3:a:citrix:online_plug-in_for_mac_for_xenapp_\&_xendesktop:*:*:*:*:*:*:*:*
Range: <=10.0
Citrix Systems/Online Plug In For Windows For Xenapp \& Xendesktop
cpe:2.3:a:citrix:online_plug-in_for_windows_for_xenapp_\&_xendesktop:*:*:*:*:*:*:*:*
Range: <=11.1
Citrix Systems/Receiver For Windows Mobile
cpe:2.3:a:citrix:receiver_for_windows_mobile:*:*:*:*:*:*:*:*
Range: <=11.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.citrix.com/article/CTX125975nvdPatchVendor Advisory
secunia.com/advisories/40808nvdVendor Advisory
archives.neohapsis.com/archives/fulldisclosure/2010-08/0040.htmlnvd
www.securityfocus.com/archive/1/512861/100/0/threadednvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.004
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000