"The Citrix Presentation Server Client for Windows includes support for making ICA connections through proxy servers. An implementation flaw in this functionality may allow an attacker to execute arbitrary code in the context of the client process." Surely that's only going to run in the context of the user - so the major worry there is what? From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Malcolm Bruton Sent: 01 March 2007 16:20 To: thin@xxxxxxxxxxxxx Subject: [THIN] Citrix Client v10 Anyone been brave enough yet for deployment? http://support.citrix.com/article/CTX112589 Conveient that citrix have released this article and asked to upgrade to v10 to fix..... Of which I already have our security team asking about upgrading Malcolm