Vulnerability-Lookup

CVE-2007-3679 (GCVE-0-2007-3679)

Vulnerability from cvelistv5 – Published: 2007-07-25 17:00 – Updated: 2024-08-07 14:28

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://osvdb.org/37845	vdb-entryx_refsource_OSVDB
	http://www.vupen.com/english/advisories/2007/2583	vdb-entryx_refsource_VUPEN
	http://securityreason.com/securityalert/2916	third-party-advisoryx_refsource_SREASON
	http://secunia.com/advisories/26143	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/24975	vdb-entryx_refsource_BID
	http://www.securityfocus.com/archive/1/474204/100…	mailing-listx_refsource_BUGTRAQ
	http://www.symantec.com/content/en/us/enterprise/…	x_refsource_MISC
	http://support.citrix.com/article/CTX113815	x_refsource_CONFIRM
	http://support.citrix.com/article/CTX114028	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/24865	vdb-entryx_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:28:51.285Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "37845",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37845"
          },
          {
            "name": "ADV-2007-2583",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2583"
          },
          {
            "name": "2916",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2916"
          },
          {
            "name": "26143",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26143"
          },
          {
            "name": "24975",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24975"
          },
          {
            "name": "20070718 SYMSA-2007-006: Citrix EPA ActiveX Control Design Flaw",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/474204/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-006.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.citrix.com/article/CTX113815"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.citrix.com/article/CTX114028"
          },
          {
            "name": "24865",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24865"
          },
          {
            "name": "citrix-access-activex-plugin-code-execution(35511)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35511"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Citrix EPA ActiveX control (aka the \"endpoint checking control\" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "37845",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37845"
        },
        {
          "name": "ADV-2007-2583",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2583"
        },
        {
          "name": "2916",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2916"
        },
        {
          "name": "26143",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26143"
        },
        {
          "name": "24975",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24975"
        },
        {
          "name": "20070718 SYMSA-2007-006: Citrix EPA ActiveX Control Design Flaw",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/474204/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-006.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.citrix.com/article/CTX113815"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.citrix.com/article/CTX114028"
        },
        {
          "name": "24865",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24865"
        },
        {
          "name": "citrix-access-activex-plugin-code-execution(35511)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35511"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3679",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Citrix EPA ActiveX control (aka the \"endpoint checking control\" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "37845",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37845"
            },
            {
              "name": "ADV-2007-2583",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2583"
            },
            {
              "name": "2916",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2916"
            },
            {
              "name": "26143",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26143"
            },
            {
              "name": "24975",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24975"
            },
            {
              "name": "20070718 SYMSA-2007-006: Citrix EPA ActiveX Control Design Flaw",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/474204/100/0/threaded"
            },
            {
              "name": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-006.txt",
              "refsource": "MISC",
              "url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-006.txt"
            },
            {
              "name": "http://support.citrix.com/article/CTX113815",
              "refsource": "CONFIRM",
              "url": "http://support.citrix.com/article/CTX113815"
            },
            {
              "name": "http://support.citrix.com/article/CTX114028",
              "refsource": "CONFIRM",
              "url": "http://support.citrix.com/article/CTX114028"
            },
            {
              "name": "24865",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24865"
            },
            {
              "name": "citrix-access-activex-plugin-code-execution(35511)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35511"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-3679",
    "datePublished": "2007-07-25T17:00:00",
    "dateReserved": "2007-07-11T00:00:00",
    "dateUpdated": "2024-08-07T14:28:51.285Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-3679\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-07-25T17:30:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Citrix EPA ActiveX control (aka the \\\"endpoint checking control\\\" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system.\"},{\"lang\":\"es\",\"value\":\"El control ActiveX Citrix EPA (tambi\u00e9n conocido como el \\\"endpoint checking control\\\" \u00f3 Objeto CCAOControl) versiones anteriores a 4.5.0.0 en npCtxCAO.dll de Citrix Access Gateway Standard Edition versiones anteriores a 4.5.5 y Advanced Edition versiones anteriores a 4.5 HF1, permite a atacantes remotos descargar y ejecutar programas de su elecci\u00f3n en un sistema cliente.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:access_gateway:*:hf1:advanced:*:*:*:*:*\",\"versionEndIncluding\":\"4.5\",\"matchCriteriaId\":\"7A132506-353D-4128-82A2-46DBC000B753\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:access_gateway:*:*:standard:*:*:*:*:*\",\"versionEndIncluding\":\"4.5.5\",\"matchCriteriaId\":\"47ABB5D2-79BD-48AC-877E-E671C7408362\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/37845\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/26143\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/2916\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.citrix.com/article/CTX113815\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://support.citrix.com/article/CTX114028\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/archive/1/474204/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/24865\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/24975\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-006.txt\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2583\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/35511\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/37845\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/26143\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/2916\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.citrix.com/article/CTX113815\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://support.citrix.com/article/CTX114028\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/archive/1/474204/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/24865\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/24975\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-006.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2583\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/35511\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorComment\":\"User must be logged in.\"}}"
  }
}

FKIE_CVE-2007-3679

Vulnerability from fkie_nvd - Published: 2007-07-25 17:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/37845
cve@mitre.org	http://secunia.com/advisories/26143	Patch, Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/2916
cve@mitre.org	http://support.citrix.com/article/CTX113815	Patch
cve@mitre.org	http://support.citrix.com/article/CTX114028	Patch
cve@mitre.org	http://www.securityfocus.com/archive/1/474204/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/24865
cve@mitre.org	http://www.securityfocus.com/bid/24975	Patch
cve@mitre.org	http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-006.txt
cve@mitre.org	http://www.vupen.com/english/advisories/2007/2583
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/35511
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/37845
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26143	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/2916
af854a3a-2127-422b-91ae-364da2661108	http://support.citrix.com/article/CTX113815	Patch
af854a3a-2127-422b-91ae-364da2661108	http://support.citrix.com/article/CTX114028	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/474204/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/24865
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/24975	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-006.txt
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2583
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/35511

Impacted products

	Vendor	Product	Version
	citrix	access_gateway	*
	citrix	access_gateway	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:citrix:access_gateway:*:hf1:advanced:*:*:*:*:*",
              "matchCriteriaId": "7A132506-353D-4128-82A2-46DBC000B753",
              "versionEndIncluding": "4.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:access_gateway:*:*:standard:*:*:*:*:*",
              "matchCriteriaId": "47ABB5D2-79BD-48AC-877E-E671C7408362",
              "versionEndIncluding": "4.5.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Citrix EPA ActiveX control (aka the \"endpoint checking control\" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system."
    },
    {
      "lang": "es",
      "value": "El control ActiveX Citrix EPA (tambi\u00e9n conocido como el \"endpoint checking control\" \u00f3 Objeto CCAOControl) versiones anteriores a 4.5.0.0 en npCtxCAO.dll de Citrix Access Gateway Standard Edition versiones anteriores a 4.5.5 y Advanced Edition versiones anteriores a 4.5 HF1, permite a atacantes remotos descargar y ejecutar programas de su elecci\u00f3n en un sistema cliente."
    }
  ],
  "evaluatorComment": "User must be logged in.",
  "id": "CVE-2007-3679",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-07-25T17:30:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/37845"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26143"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/2916"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://support.citrix.com/article/CTX113815"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://support.citrix.com/article/CTX114028"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/474204/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/24865"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/24975"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-006.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2583"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35511"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/37845"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26143"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/2916"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://support.citrix.com/article/CTX113815"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://support.citrix.com/article/CTX114028"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/474204/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/24865"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/24975"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-006.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2583"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35511"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2007-3679

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-3679

Aliases

CVE-2007-3679

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-3679",
    "description": "The Citrix EPA ActiveX control (aka the \"endpoint checking control\" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system.",
    "id": "GSD-2007-3679"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-3679"
      ],
      "details": "The Citrix EPA ActiveX control (aka the \"endpoint checking control\" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system.",
      "id": "GSD-2007-3679",
      "modified": "2023-12-13T01:21:42.290107Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-3679",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Citrix EPA ActiveX control (aka the \"endpoint checking control\" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "37845",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/37845"
          },
          {
            "name": "ADV-2007-2583",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/2583"
          },
          {
            "name": "2916",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/2916"
          },
          {
            "name": "26143",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26143"
          },
          {
            "name": "24975",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/24975"
          },
          {
            "name": "20070718 SYMSA-2007-006: Citrix EPA ActiveX Control Design Flaw",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/474204/100/0/threaded"
          },
          {
            "name": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-006.txt",
            "refsource": "MISC",
            "url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-006.txt"
          },
          {
            "name": "http://support.citrix.com/article/CTX113815",
            "refsource": "CONFIRM",
            "url": "http://support.citrix.com/article/CTX113815"
          },
          {
            "name": "http://support.citrix.com/article/CTX114028",
            "refsource": "CONFIRM",
            "url": "http://support.citrix.com/article/CTX114028"
          },
          {
            "name": "24865",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/24865"
          },
          {
            "name": "citrix-access-activex-plugin-code-execution(35511)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35511"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:citrix:access_gateway:*:*:standard:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.5.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:access_gateway:*:hf1:advanced:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3679"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Citrix EPA ActiveX control (aka the \"endpoint checking control\" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-006.txt",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-006.txt"
            },
            {
              "name": "http://support.citrix.com/article/CTX113815",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://support.citrix.com/article/CTX113815"
            },
            {
              "name": "http://support.citrix.com/article/CTX114028",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://support.citrix.com/article/CTX114028"
            },
            {
              "name": "24865",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/24865"
            },
            {
              "name": "24975",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/24975"
            },
            {
              "name": "26143",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/26143"
            },
            {
              "name": "2916",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/2916"
            },
            {
              "name": "37845",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/37845"
            },
            {
              "name": "ADV-2007-2583",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/2583"
            },
            {
              "name": "citrix-access-activex-plugin-code-execution(35511)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35511"
            },
            {
              "name": "20070718 SYMSA-2007-006: Citrix EPA ActiveX Control Design Flaw",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/474204/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-15T21:29Z",
      "publishedDate": "2007-07-25T17:30Z"
    }
  }
}

VAR-200707-0453

Vulnerability from variot - Updated: 2025-04-10 23:13

The Citrix EPA ActiveX control (aka the "endpoint checking control" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system. Citrix EPA ActiveX control is prone to a remote code-execution vulnerability. An attacker may exploit this issue by enticing victims into visiting a malicious webpage. Successful exploits may allow attackers to execute arbitrary code on a victim's computer. This may facilitate a compromise of vulnerable computers. Citrix Access Gateway, a general-purpose SSL VPN device, provides secure and always-on single-point access support for information resources. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

                 Symantec Vulnerability Research
                 http://www.symantec.com/research
                       Security Advisory

Advisory ID: SYMSA-2007-006 Advisory Title: Citrix EPA ActiveX Control Design Flaw Author: Michael White / michael_white@symantec.com Release Date: 19-07-2007 Application: Citrix Access Gateway Platform: Internet Explorer/Win32 Severity: Remote arbitrary code execution Vendor status: Patch available CVE Number: CVE-2007-3679 Reference: http://www.securityfocus.com/bid/24865

Overview:

Citrix Access Gateway offers a clientless SSL VPN solution implemented through a series of browser-based controls. As part of the endpoint validation, the ActiveX control for Internet Explorer downloads and executes a series of executable modules from the remote server.

Details:

Researchers identified that the endpoint checking control can be embedded in any web page and subverted to download and execute any executable module of the attacker\x92s choosing.

This vulnerability represents a design flaw in the architecture of the endpoint validation practice.

A high level of browser trust is required to allow the endpoint checks to function correctly, and the control is signed by Citrix Corporation.

Vendor Response:

This has been addressed by a product update. See http://support.citrix.com/article/CTX113815

Recommendation:

Apply the product update as detailed in http://support.citrix.com/article/CTX113815

Common Vulnerabilities and Exposures (CVE) Information:

The Common Vulnerabilities and Exposures (CVE) project has assigned the following names to these issues. These are candidates for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.

CVE-2007-3679

-------Symantec Vulnerability Research Advisory Information-------

For questions about this advisory, or to report an error: research@symantec.com

For details on Symantec's Vulnerability Reporting Policy: http://www.symantec.com/research/Symantec-Responsible-Disclosure.pdf

Symantec Vulnerability Research Advisory Archive: http://www.symantec.com/research/

Symantec Vulnerability Research GPG Key: http://www.symantec.com/research/Symantec_Vulnerability_Research_GPG.asc

-------------Symantec Product Advisory Information-------------

To Report a Security Vulnerability in a Symantec Product: secure@symantec.com

For general information on Symantec's Product Vulnerability reporting and response: http://www.symantec.com/security/

Symantec Product Advisory Archive: http://www.symantec.com/avcenter/security/SymantecAdvisories.html

Symantec Product Advisory PGP Key: http://www.symantec.com/security/Symantec-Vulnerability-Management-Key.asc

Copyright (c) 2007 by Symantec Corp. Permission to redistribute this alert electronically is granted as long as it is not edited in any way unless authorized by Symantec Consulting Services. Reprinting the whole or part of this alert in any medium other than electronically requires permission from research@symantec.com.

Disclaimer The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.

Symantec, Symantec products, and Symantec Consulting Services are registered trademarks of Symantec Corp. and/or affiliated companies in the United States and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32)

iD8DBQFGnRXXuk7IIFI45IARAla8AKDKwcYD23htC+trwq1Ke5Qvam99YACfUgJh VynDvAnppLmojz2wbrLfR+U= =QakL -----END PGP SIGNATURE----- .

Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure.

The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/

The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications.

TITLE: Citrix Access Gateway Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA26143

VERIFY ADVISORY: http://secunia.com/advisories/26143/

CRITICAL: Highly critical

IMPACT: Cross Site Scripting, Exposure of sensitive information, System access

WHERE:

From remote

SOFTWARE: Citrix Access Gateway 4.x http://secunia.com/product/6168/

DESCRIPTION: Some vulnerabilities and a security issue have been reported in Citrix Access Gateway, which can be exploited by malicious people to disclose sensitive information, conduct cross-site request forgery attacks, or to compromise a user's system.

1) A security issue due to residual information left on the client device can be exploited to gain unauthorized access to a user\x92s active session.

This security issue is reported in Access Gateway Advanced Edition 4.5 and prior.

These vulnerabilities are reported in Access Gateway Standard Edition 4.5.2 and prior and Access Gateway Advanced Editions version 4.5 and prior with appliance firmware 4.5.2 and prior.

3) The web-based administration console of an Access Gateway appliance allows administrator to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to e.g. change certain configuration settings, by enticing a logged-in administrator to visit a malicious web site.

This vulnerability is reported in Access Gateway model 2000 appliances with firmware version 4.5.2 and prior. Access Gateway Enterprise Edition is reportedly not affected.

A redirection issue that may facilitate phishing attacks has also been reported.

SOLUTION: Apply hotfix and update firmware to version 4.5.5. 2) The vendor credits Michael White, Symantec. 3) The vendor credits Paul Johnston.

ORIGINAL ADVISORY: http://support.citrix.com/article/CTX113814 http://support.citrix.com/article/CTX113815 http://support.citrix.com/article/CTX113816 http://support.citrix.com/article/CTX113817

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200707-0453",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "access gateway",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "citrix",
        "version": "4.5.5"
      },
      {
        "model": "access gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "4.5"
      },
      {
        "model": "access gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "4.5.5"
      },
      {
        "model": "access gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "4.5 hf1"
      },
      {
        "model": "access gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "advanced edition"
      },
      {
        "model": "access gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "citrix",
        "version": "st ard edition"
      },
      {
        "model": "access gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "citrix",
        "version": "4.5"
      },
      {
        "model": "access gateway standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.5"
      },
      {
        "model": "access gateway advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.5"
      },
      {
        "model": "access gateway aac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.0"
      },
      {
        "model": "access gateway aac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.2"
      },
      {
        "model": "access gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "24865"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002313"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-451"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3679"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:citrix:access_gateway",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002313"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Michael White\u203b michael_white@symantec.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-451"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-3679",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2007-3679",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-27041",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2007-3679",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2007-3679",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200707-451",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-27041",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-27041"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002313"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-451"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3679"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Citrix EPA ActiveX control (aka the \"endpoint checking control\" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system. Citrix EPA ActiveX control is prone to a remote code-execution vulnerability. \nAn attacker may exploit this issue by enticing victims into visiting a malicious webpage. \nSuccessful exploits may allow attackers to execute arbitrary code on a victim\u0027s computer. This may facilitate a compromise of vulnerable computers. Citrix Access Gateway, a general-purpose SSL VPN device, provides secure and always-on single-point access support for information resources. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n                     Symantec Vulnerability Research\n                     http://www.symantec.com/research\n                           Security Advisory\n\n   Advisory ID: SYMSA-2007-006\nAdvisory Title: Citrix EPA ActiveX Control Design Flaw\n        Author: Michael White / michael_white@symantec.com\n  Release Date: 19-07-2007\n   Application: Citrix Access Gateway\n      Platform: Internet Explorer/Win32\n      Severity: Remote arbitrary code execution\n Vendor status: Patch available\n    CVE Number: CVE-2007-3679\n     Reference: http://www.securityfocus.com/bid/24865\n\n\nOverview:\n\nCitrix Access Gateway offers a clientless SSL VPN solution\nimplemented through a series of browser-based controls. As part of\nthe endpoint validation, the ActiveX control for Internet Explorer\ndownloads and executes a series of executable modules from the\nremote server. \n\nDetails:\n\nResearchers identified that the endpoint checking control can be\nembedded in any web page and subverted to download and execute any\nexecutable module of the attacker\\x92s choosing. \n\nThis vulnerability represents a design flaw in the architecture of\nthe endpoint validation practice. \n\nA high level of browser trust is required to allow the endpoint\nchecks to function correctly, and the control is signed by Citrix\nCorporation. \n\nVendor Response:\n\nThis has been addressed by a product update. \nSee http://support.citrix.com/article/CTX113815\n\nRecommendation:\n\nApply the product update as detailed in \nhttp://support.citrix.com/article/CTX113815\n\nCommon Vulnerabilities and Exposures (CVE) Information:\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned\nthe following names to these issues.  These are candidates for\ninclusion in the CVE list (http://cve.mitre.org), which standardizes\nnames for security problems. \n\n  CVE-2007-3679\n\n- -------Symantec Vulnerability Research Advisory Information-------\n\nFor questions about this advisory, or to report an error:\nresearch@symantec.com\n\nFor details on Symantec\u0027s Vulnerability Reporting Policy:\nhttp://www.symantec.com/research/Symantec-Responsible-Disclosure.pdf\n\nSymantec Vulnerability Research Advisory Archive:\nhttp://www.symantec.com/research/\n\nSymantec Vulnerability Research GPG Key:\nhttp://www.symantec.com/research/Symantec_Vulnerability_Research_GPG.asc\n\n- -------------Symantec Product Advisory Information-------------\n\nTo Report a Security Vulnerability in a Symantec Product:\nsecure@symantec.com\n\nFor general information on Symantec\u0027s Product Vulnerability\nreporting and response:\nhttp://www.symantec.com/security/\n\nSymantec Product Advisory Archive:\nhttp://www.symantec.com/avcenter/security/SymantecAdvisories.html\n\nSymantec Product Advisory PGP Key:\nhttp://www.symantec.com/security/Symantec-Vulnerability-Management-Key.asc\n\n- ---------------------------------------------------------------\n\nCopyright (c) 2007 by Symantec Corp. \nPermission to redistribute this alert electronically is granted\nas long as it is not edited in any way unless authorized by\nSymantec Consulting Services. Reprinting the whole or part of\nthis alert in any medium other than electronically requires\npermission from research@symantec.com. \n\nDisclaimer\nThe information in the advisory is believed to be accurate at the\ntime of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS\ncondition. There are no warranties with regard to this information. \nNeither the author nor the publisher accepts any liability for any\ndirect, indirect, or consequential loss or damage arising from use\nof, or reliance on, this information. \n\nSymantec, Symantec products, and Symantec Consulting Services are\nregistered trademarks of Symantec Corp. and/or affiliated companies\nin the United States and other countries. All other registered and\nunregistered trademarks represented in this document are the sole\nproperty of their respective companies/owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (MingW32)\n\niD8DBQFGnRXXuk7IIFI45IARAla8AKDKwcYD23htC+trwq1Ke5Qvam99YACfUgJh\nVynDvAnppLmojz2wbrLfR+U=\n=QakL\n-----END PGP SIGNATURE-----\n. \n\n----------------------------------------------------------------------\n\nTry a new way to discover vulnerabilities that ALREADY EXIST in your\nIT infrastructure. \n\nThe Full Featured Secunia Network Software Inspector (NSI) is now\navailable:\nhttp://secunia.com/network_software_inspector/\n\nThe Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT\nvulnerabilities in more than 4,000 different Windows applications. \n\n----------------------------------------------------------------------\n\nTITLE:\nCitrix Access Gateway Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA26143\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/26143/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nCross Site Scripting, Exposure of sensitive information, System\naccess\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nCitrix Access Gateway 4.x\nhttp://secunia.com/product/6168/\n\nDESCRIPTION:\nSome vulnerabilities and a security issue have been reported in\nCitrix Access Gateway, which can be exploited by malicious people to\ndisclose sensitive information, conduct cross-site request forgery\nattacks, or to compromise a user\u0027s system. \n\n1) A security issue due to residual information left on the client\ndevice can be exploited to gain unauthorized access to a user\\x92s\nactive session. \n\nThis security issue is reported in Access Gateway Advanced Edition\n4.5 and prior. \n\nThese vulnerabilities are reported in Access Gateway Standard Edition\n4.5.2 and prior and Access Gateway Advanced Editions version 4.5 and\nprior with appliance firmware 4.5.2 and prior. \n\n3) The web-based administration console of an Access Gateway\nappliance allows administrator to perform certain actions via HTTP\nrequests without performing any validity checks to verify the\nrequest. This can be exploited to e.g. change certain configuration\nsettings, by enticing a logged-in administrator to visit a malicious\nweb site. \n\nThis vulnerability is reported in Access Gateway model 2000\nappliances with firmware version 4.5.2 and prior. Access Gateway\nEnterprise Edition is reportedly not affected. \n\nA redirection issue that may facilitate phishing attacks has also\nbeen reported. \n\nSOLUTION:\nApply hotfix and update firmware to version 4.5.5. \n2) The vendor credits Michael White, Symantec. \n3) The vendor credits Paul Johnston. \n\nORIGINAL ADVISORY:\nhttp://support.citrix.com/article/CTX113814\nhttp://support.citrix.com/article/CTX113815\nhttp://support.citrix.com/article/CTX113816\nhttp://support.citrix.com/article/CTX113817\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-3679"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002313"
      },
      {
        "db": "BID",
        "id": "24865"
      },
      {
        "db": "VULHUB",
        "id": "VHN-27041"
      },
      {
        "db": "PACKETSTORM",
        "id": "57916"
      },
      {
        "db": "PACKETSTORM",
        "id": "57912"
      }
    ],
    "trust": 2.16
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-27041",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-27041"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-3679",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "24865",
        "trust": 2.1
      },
      {
        "db": "SECUNIA",
        "id": "26143",
        "trust": 1.8
      },
      {
        "db": "BID",
        "id": "24975",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2583",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "37845",
        "trust": 1.7
      },
      {
        "db": "SREASON",
        "id": "2916",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002313",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-451",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20070718 SYMSA-2007-006: CITRIX EPA ACTIVEX CONTROL DESIGN FLAW",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "35511",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "57916",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-27041",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "57912",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-27041"
      },
      {
        "db": "BID",
        "id": "24865"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002313"
      },
      {
        "db": "PACKETSTORM",
        "id": "57916"
      },
      {
        "db": "PACKETSTORM",
        "id": "57912"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-451"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3679"
      }
    ]
  },
  "id": "VAR-200707-0453",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-27041"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-10T23:13:15.655000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CTX113815",
        "trust": 0.8,
        "url": "http://support.citrix.com/article/CTX113815"
      },
      {
        "title": "CTX114028",
        "trust": 0.8,
        "url": "http://support.citrix.com/article/CTX114028"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002313"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-3679"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://support.citrix.com/article/ctx113815"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/24865"
      },
      {
        "trust": 1.8,
        "url": "http://support.citrix.com/article/ctx114028"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/24975"
      },
      {
        "trust": 1.7,
        "url": "http://www.symantec.com/content/en/us/enterprise/research/symsa-2007-006.txt"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/37845"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/26143"
      },
      {
        "trust": 1.7,
        "url": "http://securityreason.com/securityalert/2916"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/474204/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2007/2583"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35511"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3679"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3679"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2007/2583"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/474204/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/35511"
      },
      {
        "trust": 0.3,
        "url": "http://www.citrix.com/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/474204"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/research/symantec-responsible-disclosure.pdf"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/research"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/research/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3679"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/avcenter/security/symantecadvisories.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/security/symantec-vulnerability-management-key.asc"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org),"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/research/symantec_vulnerability_research_gpg.asc"
      },
      {
        "trust": 0.1,
        "url": "http://support.citrix.com/article/ctx113817"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6168/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/network_software_inspector/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/26143/"
      },
      {
        "trust": 0.1,
        "url": "http://support.citrix.com/article/ctx112803"
      },
      {
        "trust": 0.1,
        "url": "http://support.citrix.com/article/ctx113814"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://support.citrix.com/article/ctx113816"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-27041"
      },
      {
        "db": "BID",
        "id": "24865"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002313"
      },
      {
        "db": "PACKETSTORM",
        "id": "57916"
      },
      {
        "db": "PACKETSTORM",
        "id": "57912"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-451"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3679"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-27041"
      },
      {
        "db": "BID",
        "id": "24865"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002313"
      },
      {
        "db": "PACKETSTORM",
        "id": "57916"
      },
      {
        "db": "PACKETSTORM",
        "id": "57912"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-451"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3679"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-07-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-27041"
      },
      {
        "date": "2007-07-19T00:00:00",
        "db": "BID",
        "id": "24865"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-002313"
      },
      {
        "date": "2007-07-21T02:16:01",
        "db": "PACKETSTORM",
        "id": "57916"
      },
      {
        "date": "2007-07-21T02:11:22",
        "db": "PACKETSTORM",
        "id": "57912"
      },
      {
        "date": "2007-07-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200707-451"
      },
      {
        "date": "2007-07-25T17:30:00",
        "db": "NVD",
        "id": "CVE-2007-3679"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-27041"
      },
      {
        "date": "2007-07-23T23:36:00",
        "db": "BID",
        "id": "24865"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-002313"
      },
      {
        "date": "2007-07-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200707-451"
      },
      {
        "date": "2025-04-09T00:30:58.490000",
        "db": "NVD",
        "id": "CVE-2007-3679"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-451"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Citrix EPA ActiveX Vulnerability in Control Downloading Arbitrary Programs on Client System",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002313"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "24865"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-451"
      }
    ],
    "trust": 0.9
  }
}

GHSA-JR23-4P9P-9P44

Vulnerability from github – Published: 2022-05-01 18:16 – Updated: 2022-05-01 18:16

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-3679"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-07-25T17:30:00Z",
    "severity": "MODERATE"
  },
  "details": "The Citrix EPA ActiveX control (aka the \"endpoint checking control\" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system.",
  "id": "GHSA-jr23-4p9p-9p44",
  "modified": "2022-05-01T18:16:05Z",
  "published": "2022-05-01T18:16:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3679"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35511"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/37845"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26143"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/2916"
    },
    {
      "type": "WEB",
      "url": "http://support.citrix.com/article/CTX113815"
    },
    {
      "type": "WEB",
      "url": "http://support.citrix.com/article/CTX114028"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/474204/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/24865"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/24975"
    },
    {
      "type": "WEB",
      "url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-006.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/2583"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-3679 (GCVE-0-2007-3679)

FKIE_CVE-2007-3679

GSD-2007-3679

VAR-200707-0453

GHSA-JR23-4P9P-9P44

Tags

Sightings

Nomenclature