Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size value in a packet to TCP port 2512 or 2513.
http://zerodayinitiative.com/advisories/ZDI-08-002.html
http://www.vupen.com/english/advisories/2008/0172
http://www.securitytracker.com/id?1019231
http://www.securityfocus.com/bid/27329
http://www.securityfocus.com/archive/1/486585/100/0/threaded
http://www.kb.cert.org/vuls/id/412228