FKIE_CVE-2007-3679

Vulnerability from fkie_nvd - Published: 2007-07-25 17:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
The Citrix EPA ActiveX control (aka the "endpoint checking control" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system.
References
cve@mitre.orghttp://osvdb.org/37845
cve@mitre.orghttp://secunia.com/advisories/26143Patch, Vendor Advisory
cve@mitre.orghttp://securityreason.com/securityalert/2916
cve@mitre.orghttp://support.citrix.com/article/CTX113815Patch
cve@mitre.orghttp://support.citrix.com/article/CTX114028Patch
cve@mitre.orghttp://www.securityfocus.com/archive/1/474204/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/24865
cve@mitre.orghttp://www.securityfocus.com/bid/24975Patch
cve@mitre.orghttp://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-006.txt
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/2583
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/35511
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/37845
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26143Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/2916
af854a3a-2127-422b-91ae-364da2661108http://support.citrix.com/article/CTX113815Patch
af854a3a-2127-422b-91ae-364da2661108http://support.citrix.com/article/CTX114028Patch
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/474204/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/24865
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/24975Patch
af854a3a-2127-422b-91ae-364da2661108http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-006.txt
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/2583
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/35511
Impacted products
Vendor Product Version
citrix access_gateway *
citrix access_gateway *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:citrix:access_gateway:*:hf1:advanced:*:*:*:*:*",
              "matchCriteriaId": "7A132506-353D-4128-82A2-46DBC000B753",
              "versionEndIncluding": "4.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:access_gateway:*:*:standard:*:*:*:*:*",
              "matchCriteriaId": "47ABB5D2-79BD-48AC-877E-E671C7408362",
              "versionEndIncluding": "4.5.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Citrix EPA ActiveX control (aka the \"endpoint checking control\" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system."
    },
    {
      "lang": "es",
      "value": "El control ActiveX Citrix EPA (tambi\u00e9n conocido como el \"endpoint checking control\" \u00f3 Objeto CCAOControl) versiones anteriores a 4.5.0.0 en npCtxCAO.dll de Citrix Access Gateway Standard Edition versiones anteriores a 4.5.5 y Advanced Edition versiones anteriores a 4.5 HF1, permite a atacantes remotos descargar y ejecutar programas de su elecci\u00f3n en un sistema cliente."
    }
  ],
  "evaluatorComment": "User must be logged in.",
  "id": "CVE-2007-3679",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-07-25T17:30:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/37845"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26143"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/2916"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://support.citrix.com/article/CTX113815"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://support.citrix.com/article/CTX114028"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/474204/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/24865"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/24975"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-006.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2583"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35511"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/37845"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26143"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/2916"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://support.citrix.com/article/CTX113815"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://support.citrix.com/article/CTX114028"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/474204/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/24865"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/24975"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-006.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2583"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35511"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.