This module exploits a buffer overflow vulnerability in the NSEPA.NsepaCtrl.1 ActiveX control in Nsepa.ocx in Citrix Access Gateway Enterprise Edition. When the control processes a crafted HTTP header data, a stack based buffer overflow occurs allowing execution of arbitrary code. This module runs a web server waiting for vulnerable clients (Internet Explorer 6 or 7) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
CVE Link
Exploit Platform
Exploit Type
Product Name