Vulnerability & Exploit Database

Back to search

Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020006 Buffer Overflow

This module exploits a remote buffer overflow in the Citrix Provisioning Services 5.6 SP1 (without Hotfix CPVS56SP1E043) by sending a malformed packet with the opcode 0x40020006 (GetObjetsRequest) to the 6905/UDP port. The module, which allows code execution under the context of SYSTEM, has been successfully tested on Windows Server 2003 SP2 and Windows XP SP3.

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download Now

Module Name



  • Anyway <Aniway.Anyway [at]>
  • alino <26alino [at]>
  • juan vazquez <juan.vazquez [at]>



  • Citrix Provisioning Services 5.6 SP1


  • windows



Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/windows/misc/citrix_streamprocess_get_objects msf exploit(citrix_streamprocess_get_objects) > show targets ...targets... msf exploit(citrix_streamprocess_get_objects) > set TARGET <target-id> msf exploit(citrix_streamprocess_get_objects) > show options and set options... msf exploit(citrix_streamprocess_get_objects) > exploit

Related Modules