The Citrix version is Metaframe XP Enteprise, running on win2k3 and word
2000.
I haven't have the chance to look at using GPO to try to block this.
I'll try to contact Citrix and see what they have to say.
----- Original Message -----
From: "Dubber, Drew B" <drew.dubber@eds.com>
To: "Kenzo" <kenzo_chin@hotmail.com>; <security-basics@securityfocus.com>
Sent: Thursday, October 21, 2004 4:22 PM
Subject: RE: breakout of citrix
Hi
Can't say that I've come across this issue before but since the Office
Suite
is so scriptable its pretty easy to try to invoke an explorer session
locally - might be what is happening here? Have a look on Google for group
policies on hiding and restricting drives, and also restricting direct
access to the command shell. There are all standard GPO template settings
in
Win2k/3 that can be used to prevent the user seeing or accessing drive
letters.
Again, I'll whisper that you can lock down exe's with ACLs and use a
Software Restriction Policy (or go one better with Appsense) to make your
SBC environment more watertight.
OOO, as someone else asked, what version of Citrix and Word are you using?
Kind Regards
Drew
-----Original Message-----
From: Kenzo [mailto:kenzo_chin@hotmail.com]
Sent: 19 October 2004 17:51
To: security-basics@securityfocus.com
Subject: breakout of citrix
I was wondering if anyone has seen this and if there is a fix for this.
basically this is what's happening.
We have a test citrix environment serving couple apps.
The clients can either connect using the windows ica client or thru a WYSE
terminal.
In both case the same thing happens.
One particular app that we provide is MS word.
I discovered that if you insert a link into the work document such as
"c:\"
and click on it.
Citrix freaks out, then gives you the desktop of the citrix server.
From there you can do access what ever programs you want.
Any ideas on how to fix this??
Thanks.
