Trying to understand how this exploit actually works!

If a user with a Citrix desktop using IE through it hits a contaminated page, where does the exploit attack?

Does it run on the remote desktop of the users or does it attack the Citrix server?

Citrix is a bit of a mystery to me; it's in the office but I never use it. Just trying to identify how much of an issue this is to us.