Is my application secure if I publish it via Citrix XenApp?

Not necessarily... especially Microsoft Excel.

Applications still run in the user's context on the XenApp server; all the user sees is the application UI.

Excel and other apps that allow you to write macros pose an interesting problem: you can write a macro to spawn processes/applications on the server. Here is some example code:

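Sub Testing()
    ' Each Shell call starts a process on the XenApp server in the user's context.
    ' The second argument (1) opens the window normally and gives it focus.
    Dim RetVal

    RetVal = Shell("c:\windows\system32\cmd.exe", 1)
    RetVal = Shell("c:\windows\explorer.exe", 1)
    RetVal = Shell("C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", 1)
    RetVal = Shell("C:\Windows\System32\regedit.exe", 1)
End Sub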

So if the XenApp server isn't locked down using group policy then you've just opened yourself up for a whole world of "comeandhackmyass".

A good resource for group policy is Group Policy Center.

Credit to Dave Taylor for giving me the information for this macro code :)
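
Added example, not part of the original post: a Python check that complements the Group Policy lock-down by flagging process-creation events where an Office application is the parent of one of the four binaries the macro above launches. It assumes events exported as JSON lines using Sysmon's Event ID 1 field names (UtcTime, User, ParentImage, Image); the function names, the host list and the sample events are constructed for illustration.

```python
import json
from pathlib import PureWindowsPath

# Office hosts that can run VBA (assumed list; extend it for your estate).
MACRO_HOSTS = {"excel.exe", "winword.exe", "powerpnt.exe", "msaccess.exe"}
# The four binaries the macro on this page launches.
BREAKOUT_CHILDREN = {"cmd.exe", "explorer.exe", "powershell.exe", "regedit.exe"}

def _name(value):
    """Lower-cased file name of a Windows path, independent of the host OS."""
    return PureWindowsPath(str(value or "")).name.lower()

def flag_macro_spawns(lines):
    """Return one alert per event where a macro host started a listed child."""
    alerts = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or non-JSON line
        if not isinstance(ev, dict):
            continue
        parent, child = _name(ev.get("ParentImage")), _name(ev.get("Image"))
        if parent in MACRO_HOSTS and child in BREAKOUT_CHILDREN:
            alerts.append({"time": ev.get("UtcTime"), "user": ev.get("User"),
                           "parent": parent, "child": child})
    return alerts

def _ev(time, user, parent, image):
    """Build one constructed event as a JSON line."""
    return json.dumps({"UtcTime": time, "User": user,
                       "ParentImage": parent, "Image": image})

# Constructed sample events (not real logs); the Office path is an assumption.
XL = r"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE"
SAMPLE = [
    _ev("09:14:02", "user1", XL, r"c:\windows\system32\cmd.exe"),
    _ev("09:14:03", "user1", XL,
        r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
    _ev("09:15:10", "user2", XL, r"C:\Windows\splwow64.exe"),      # print helper
    _ev("09:16:44", "user3", r"C:\Windows\explorer.exe",
        r"C:\Windows\System32\cmd.exe"),                            # not a macro host
    '{"UtcTime": "09:17:',                                          # truncated line
    _ev("09:18:30", "user2", XL.lower(), r"C:\Windows\System32\regedit.exe"),
]

if __name__ == "__main__":
    for alert in flag_macro_spawns(SAMPLE):
        print("{time} {user}: {parent} -> {child}".format(**alert))
```

Matching is on file name only, so a renamed copy of one of these binaries would not be flagged.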

About Luke

Technical Consultant @ Red Ember Solutions focusing on cloud and infrastructure

Posted on June 27, 2011, in Citrix.