ID CVE-2007-3679
Summary The Citrix EPA ActiveX control (aka the "endpoint checking control" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system. User must be logged in.
References
Vulnerable Configurations
  • cpe:2.3:a:citrix:access_gateway:4.5:hf1:advanced:*:*:*:*:*
  • cpe:2.3:a:citrix:access_gateway:*:*:standard:*:*:*:*:*
CVSS
Base: 4.3 (as of 15-10-2018 - 21:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: PARTIAL
  • Availability: NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
bid
  • 24865
  • 24975
bugtraq 20070718 SYMSA-2007-006: Citrix EPA ActiveX Control Design Flaw
confirm
misc http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-006.txt
osvdb 37845
secunia 26143
sreason 2916
vupen ADV-2007-2583
xf citrix-access-activex-plugin-code-execution(35511)
Last major update 15-10-2018 - 21:29
Published 25-07-2007 - 17:30
Last modified 15-10-2018 - 21:29