This fix addresses a session brokering issue.[From ][#LA4447]
(Superseded by BrokerAgent750WX64003)
Here is the response I got from Citrix support.
http://support.citrix.com/article/CTX140723 addresses the session brokering issue and update all the .dll and .exe files mentioned.
It addresses the following scenario:
If a VDA launch is terminated before it is completed and desktop is made available to user, after the credentials were submitted for login to the VDA, the ICA session on the VDA is cleaned up and the VDA becomes available for brokering again.
But logon will continue for the user who submitted the credentials and will be logged in to the console. If this VDA gets brokered to another user, this second user gets the logged in desktop of the first user.
Vulnerability in Citrix XenDesktop could result in unauthorized access to another user’s desktop-
The hotfixes for Citrix XenDesktop 7.1 and 7.5 can be downloaded from the following locations:
CTX140362 or CTX140363