RE: breakout of citrix

["Dubber, Drew B" <drew.dubber () eds com>]

Hi

Can't say that I've come across this issue before but since the Office Suite
is so scriptable its pretty easy to try to invoke an explorer session
locally - might be what is happening here? Have a look on Google for group
policies on hiding and restricting drives, and also restricting direct
access to the command shell. There are all standard GPO template settings in
Win2k/3 that can be used to prevent the user seeing or accessing drive
letters.

Again, I'll whisper that you can lock down exe's with ACLs and use a
Software Restriction Policy (or go one better with Appsense) to make your
SBC environment more watertight.

OOO, as someone else asked, what version of Citrix and Word are you using? 

Kind Regards

Drew 

-----Original Message-----
From: Kenzo [mailto:kenzo_chin () hotmail com] 
Sent: 19 October 2004 17:51
To: security-basics () securityfocus com
Subject: breakout of citrix

I was wondering if anyone has seen this and if there is a fix for this.
basically this is what's happening.
We have a test citrix environment serving couple apps.
The clients can either connect using the windows ica client or thru a WYSE
terminal.
In both case the same thing happens.
One particular app that we provide is MS word.
I discovered that if you insert a link into the work document such as "c:\"
and click on it.
Citrix freaks out, then gives you the desktop of the citrix server.
> From there you can do access what ever programs you want.

Any ideas on how to fix this??

Thanks.