VYPR
Unrated severityNVD Advisory· Published Aug 11, 2010· Updated Jun 16, 2026

CVE-2010-2991

CVE-2010-2991

Description

The IICAClient interface in the ICAClient library in the ICA Client ActiveX Object (aka ICO) component in Citrix Online Plug-in for Windows for XenApp & XenDesktop before 12.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document that triggers the reading of a .ICA file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • cpe:2.3:a:citrix:online_plug-in_for_windows_for_xenapp_\&_xendesktop:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:citrix:online_plug-in_for_windows_for_xenapp_\&_xendesktop:*:*:*:*:*:*:*:*range: <=12.0
    • cpe:2.3:a:citrix:online_plug-in_for_windows_for_xenapp_\&_xendesktop:11.1:*:*:*:*:*:*:*
    • (no CPE)range: <12.0.3

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.