CVE Vulnerability

CVE-2007-3679

The Citrix EPA ActiveX control (aka the "endpoint checking control" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-006.txt
http://support.citrix.com/article/CTX113815 Patch
http://support.citrix.com/article/CTX114028 Patch
http://www.securityfocus.com/bid/24865
http://www.securityfocus.com/bid/24975 Patch
http://secunia.com/advisories/26143 Patch Vendor Advisory
http://securityreason.com/securityalert/2916
http://osvdb.org/37845
http://www.vupen.com/english/advisories/2007/2583
https://exchange.xforce.ibmcloud.com/vulnerabilities/35511
http://www.securityfocus.com/archive/1/474204/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:citrix:access_gateway:*:*:standard:*:*:*:*:*
cpe:2.3:a:citrix:access_gateway:*:hf1:advanced:*:*:*:*:*
Information

Published : 2007-07-25 05:30

Updated : 2018-10-15 09:29

NVD link : CVE-2007-3679

Mitre link : CVE-2007-3679

Products Affected
No products.
CWE
NVD-CWE-Other