VAR-200707-0453
Vulnerability from variot - Updated: 2025-04-10 23:13The Citrix EPA ActiveX control (aka the "endpoint checking control" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system. Citrix EPA ActiveX control is prone to a remote code-execution vulnerability. An attacker may exploit this issue by enticing victims into visiting a malicious webpage. Successful exploits may allow attackers to execute arbitrary code on a victim's computer. This may facilitate a compromise of vulnerable computers. Citrix Access Gateway, a general-purpose SSL VPN device, provides secure and always-on single-point access support for information resources. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Symantec Vulnerability Research
http://www.symantec.com/research
Security Advisory
Advisory ID: SYMSA-2007-006 Advisory Title: Citrix EPA ActiveX Control Design Flaw Author: Michael White / michael_white@symantec.com Release Date: 19-07-2007 Application: Citrix Access Gateway Platform: Internet Explorer/Win32 Severity: Remote arbitrary code execution Vendor status: Patch available CVE Number: CVE-2007-3679 Reference: http://www.securityfocus.com/bid/24865
Overview:
Citrix Access Gateway offers a clientless SSL VPN solution implemented through a series of browser-based controls. As part of the endpoint validation, the ActiveX control for Internet Explorer downloads and executes a series of executable modules from the remote server.
Details:
Researchers identified that the endpoint checking control can be embedded in any web page and subverted to download and execute any executable module of the attacker\x92s choosing.
This vulnerability represents a design flaw in the architecture of the endpoint validation practice.
A high level of browser trust is required to allow the endpoint checks to function correctly, and the control is signed by Citrix Corporation.
Vendor Response:
This has been addressed by a product update. See http://support.citrix.com/article/CTX113815
Recommendation:
Apply the product update as detailed in http://support.citrix.com/article/CTX113815
Common Vulnerabilities and Exposures (CVE) Information:
The Common Vulnerabilities and Exposures (CVE) project has assigned the following names to these issues. These are candidates for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.
CVE-2007-3679
- -------Symantec Vulnerability Research Advisory Information-------
For questions about this advisory, or to report an error: research@symantec.com
For details on Symantec's Vulnerability Reporting Policy: http://www.symantec.com/research/Symantec-Responsible-Disclosure.pdf
Symantec Vulnerability Research Advisory Archive: http://www.symantec.com/research/
Symantec Vulnerability Research GPG Key: http://www.symantec.com/research/Symantec_Vulnerability_Research_GPG.asc
- -------------Symantec Product Advisory Information-------------
To Report a Security Vulnerability in a Symantec Product: secure@symantec.com
For general information on Symantec's Product Vulnerability reporting and response: http://www.symantec.com/security/
Symantec Product Advisory Archive: http://www.symantec.com/avcenter/security/SymantecAdvisories.html
Symantec Product Advisory PGP Key: http://www.symantec.com/security/Symantec-Vulnerability-Management-Key.asc
Copyright (c) 2007 by Symantec Corp. Permission to redistribute this alert electronically is granted as long as it is not edited in any way unless authorized by Symantec Consulting Services. Reprinting the whole or part of this alert in any medium other than electronically requires permission from research@symantec.com.
Disclaimer The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
Symantec, Symantec products, and Symantec Consulting Services are registered trademarks of Symantec Corp. and/or affiliated companies in the United States and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32)
iD8DBQFGnRXXuk7IIFI45IARAla8AKDKwcYD23htC+trwq1Ke5Qvam99YACfUgJh VynDvAnppLmojz2wbrLfR+U= =QakL -----END PGP SIGNATURE----- .
Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure.
The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/
The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications.
TITLE: Citrix Access Gateway Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA26143
VERIFY ADVISORY: http://secunia.com/advisories/26143/
CRITICAL: Highly critical
IMPACT: Cross Site Scripting, Exposure of sensitive information, System access
WHERE:
From remote
SOFTWARE: Citrix Access Gateway 4.x http://secunia.com/product/6168/
DESCRIPTION: Some vulnerabilities and a security issue have been reported in Citrix Access Gateway, which can be exploited by malicious people to disclose sensitive information, conduct cross-site request forgery attacks, or to compromise a user's system.
1) A security issue due to residual information left on the client device can be exploited to gain unauthorized access to a user\x92s active session.
This security issue is reported in Access Gateway Advanced Edition 4.5 and prior.
These vulnerabilities are reported in Access Gateway Standard Edition 4.5.2 and prior and Access Gateway Advanced Editions version 4.5 and prior with appliance firmware 4.5.2 and prior.
3) The web-based administration console of an Access Gateway appliance allows administrator to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to e.g. change certain configuration settings, by enticing a logged-in administrator to visit a malicious web site.
This vulnerability is reported in Access Gateway model 2000 appliances with firmware version 4.5.2 and prior. Access Gateway Enterprise Edition is reportedly not affected.
A redirection issue that may facilitate phishing attacks has also been reported.
SOLUTION: Apply hotfix and update firmware to version 4.5.5. 2) The vendor credits Michael White, Symantec. 3) The vendor credits Paul Johnston.
ORIGINAL ADVISORY: http://support.citrix.com/article/CTX113814 http://support.citrix.com/article/CTX113815 http://support.citrix.com/article/CTX113816 http://support.citrix.com/article/CTX113817
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200707-0453",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "access gateway",
"scope": "eq",
"trust": 1.4,
"vendor": "citrix",
"version": "4.5.5"
},
{
"model": "access gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "citrix",
"version": "4.5"
},
{
"model": "access gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "citrix",
"version": "4.5.5"
},
{
"model": "access gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "citrix",
"version": "4.5 hf1"
},
{
"model": "access gateway",
"scope": "lt",
"trust": 0.8,
"vendor": "citrix",
"version": "advanced edition"
},
{
"model": "access gateway",
"scope": "lt",
"trust": 0.8,
"vendor": "citrix",
"version": "st ard edition"
},
{
"model": "access gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "citrix",
"version": "4.5"
},
{
"model": "access gateway standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "4.5"
},
{
"model": "access gateway advanced edition",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "4.5"
},
{
"model": "access gateway aac",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "4.0"
},
{
"model": "access gateway aac",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "4.2"
},
{
"model": "access gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "24865"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002313"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-451"
},
{
"db": "NVD",
"id": "CVE-2007-3679"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:citrix:access_gateway",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002313"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Michael White\u203b michael_white@symantec.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200707-451"
}
],
"trust": 0.6
},
"cve": "CVE-2007-3679",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2007-3679",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-27041",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-3679",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2007-3679",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200707-451",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-27041",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-27041"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002313"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-451"
},
{
"db": "NVD",
"id": "CVE-2007-3679"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Citrix EPA ActiveX control (aka the \"endpoint checking control\" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system. Citrix EPA ActiveX control is prone to a remote code-execution vulnerability. \nAn attacker may exploit this issue by enticing victims into visiting a malicious webpage. \nSuccessful exploits may allow attackers to execute arbitrary code on a victim\u0027s computer. This may facilitate a compromise of vulnerable computers. Citrix Access Gateway, a general-purpose SSL VPN device, provides secure and always-on single-point access support for information resources. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n Symantec Vulnerability Research\n http://www.symantec.com/research\n Security Advisory\n\n Advisory ID: SYMSA-2007-006\nAdvisory Title: Citrix EPA ActiveX Control Design Flaw\n Author: Michael White / michael_white@symantec.com\n Release Date: 19-07-2007\n Application: Citrix Access Gateway\n Platform: Internet Explorer/Win32\n Severity: Remote arbitrary code execution\n Vendor status: Patch available\n CVE Number: CVE-2007-3679\n Reference: http://www.securityfocus.com/bid/24865\n\n\nOverview:\n\nCitrix Access Gateway offers a clientless SSL VPN solution\nimplemented through a series of browser-based controls. As part of\nthe endpoint validation, the ActiveX control for Internet Explorer\ndownloads and executes a series of executable modules from the\nremote server. \n\nDetails:\n\nResearchers identified that the endpoint checking control can be\nembedded in any web page and subverted to download and execute any\nexecutable module of the attacker\\x92s choosing. \n\nThis vulnerability represents a design flaw in the architecture of\nthe endpoint validation practice. \n\nA high level of browser trust is required to allow the endpoint\nchecks to function correctly, and the control is signed by Citrix\nCorporation. \n\nVendor Response:\n\nThis has been addressed by a product update. \nSee http://support.citrix.com/article/CTX113815\n\nRecommendation:\n\nApply the product update as detailed in \nhttp://support.citrix.com/article/CTX113815\n\nCommon Vulnerabilities and Exposures (CVE) Information:\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned\nthe following names to these issues. These are candidates for\ninclusion in the CVE list (http://cve.mitre.org), which standardizes\nnames for security problems. \n\n CVE-2007-3679\n\n- -------Symantec Vulnerability Research Advisory Information-------\n\nFor questions about this advisory, or to report an error:\nresearch@symantec.com\n\nFor details on Symantec\u0027s Vulnerability Reporting Policy:\nhttp://www.symantec.com/research/Symantec-Responsible-Disclosure.pdf\n\nSymantec Vulnerability Research Advisory Archive:\nhttp://www.symantec.com/research/\n\nSymantec Vulnerability Research GPG Key:\nhttp://www.symantec.com/research/Symantec_Vulnerability_Research_GPG.asc\n\n- -------------Symantec Product Advisory Information-------------\n\nTo Report a Security Vulnerability in a Symantec Product:\nsecure@symantec.com\n\nFor general information on Symantec\u0027s Product Vulnerability\nreporting and response:\nhttp://www.symantec.com/security/\n\nSymantec Product Advisory Archive:\nhttp://www.symantec.com/avcenter/security/SymantecAdvisories.html\n\nSymantec Product Advisory PGP Key:\nhttp://www.symantec.com/security/Symantec-Vulnerability-Management-Key.asc\n\n- ---------------------------------------------------------------\n\nCopyright (c) 2007 by Symantec Corp. \nPermission to redistribute this alert electronically is granted\nas long as it is not edited in any way unless authorized by\nSymantec Consulting Services. Reprinting the whole or part of\nthis alert in any medium other than electronically requires\npermission from research@symantec.com. \n\nDisclaimer\nThe information in the advisory is believed to be accurate at the\ntime of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS\ncondition. There are no warranties with regard to this information. \nNeither the author nor the publisher accepts any liability for any\ndirect, indirect, or consequential loss or damage arising from use\nof, or reliance on, this information. \n\nSymantec, Symantec products, and Symantec Consulting Services are\nregistered trademarks of Symantec Corp. and/or affiliated companies\nin the United States and other countries. All other registered and\nunregistered trademarks represented in this document are the sole\nproperty of their respective companies/owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (MingW32)\n\niD8DBQFGnRXXuk7IIFI45IARAla8AKDKwcYD23htC+trwq1Ke5Qvam99YACfUgJh\nVynDvAnppLmojz2wbrLfR+U=\n=QakL\n-----END PGP SIGNATURE-----\n. \n\n----------------------------------------------------------------------\n\nTry a new way to discover vulnerabilities that ALREADY EXIST in your\nIT infrastructure. \n\nThe Full Featured Secunia Network Software Inspector (NSI) is now\navailable:\nhttp://secunia.com/network_software_inspector/\n\nThe Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT\nvulnerabilities in more than 4,000 different Windows applications. \n\n----------------------------------------------------------------------\n\nTITLE:\nCitrix Access Gateway Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA26143\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/26143/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nCross Site Scripting, Exposure of sensitive information, System\naccess\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nCitrix Access Gateway 4.x\nhttp://secunia.com/product/6168/\n\nDESCRIPTION:\nSome vulnerabilities and a security issue have been reported in\nCitrix Access Gateway, which can be exploited by malicious people to\ndisclose sensitive information, conduct cross-site request forgery\nattacks, or to compromise a user\u0027s system. \n\n1) A security issue due to residual information left on the client\ndevice can be exploited to gain unauthorized access to a user\\x92s\nactive session. \n\nThis security issue is reported in Access Gateway Advanced Edition\n4.5 and prior. \n\nThese vulnerabilities are reported in Access Gateway Standard Edition\n4.5.2 and prior and Access Gateway Advanced Editions version 4.5 and\nprior with appliance firmware 4.5.2 and prior. \n\n3) The web-based administration console of an Access Gateway\nappliance allows administrator to perform certain actions via HTTP\nrequests without performing any validity checks to verify the\nrequest. This can be exploited to e.g. change certain configuration\nsettings, by enticing a logged-in administrator to visit a malicious\nweb site. \n\nThis vulnerability is reported in Access Gateway model 2000\nappliances with firmware version 4.5.2 and prior. Access Gateway\nEnterprise Edition is reportedly not affected. \n\nA redirection issue that may facilitate phishing attacks has also\nbeen reported. \n\nSOLUTION:\nApply hotfix and update firmware to version 4.5.5. \n2) The vendor credits Michael White, Symantec. \n3) The vendor credits Paul Johnston. \n\nORIGINAL ADVISORY:\nhttp://support.citrix.com/article/CTX113814\nhttp://support.citrix.com/article/CTX113815\nhttp://support.citrix.com/article/CTX113816\nhttp://support.citrix.com/article/CTX113817\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-3679"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002313"
},
{
"db": "BID",
"id": "24865"
},
{
"db": "VULHUB",
"id": "VHN-27041"
},
{
"db": "PACKETSTORM",
"id": "57916"
},
{
"db": "PACKETSTORM",
"id": "57912"
}
],
"trust": 2.16
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-27041",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-27041"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-3679",
"trust": 2.9
},
{
"db": "BID",
"id": "24865",
"trust": 2.1
},
{
"db": "SECUNIA",
"id": "26143",
"trust": 1.8
},
{
"db": "BID",
"id": "24975",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-2583",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "37845",
"trust": 1.7
},
{
"db": "SREASON",
"id": "2916",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002313",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200707-451",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20070718 SYMSA-2007-006: CITRIX EPA ACTIVEX CONTROL DESIGN FLAW",
"trust": 0.6
},
{
"db": "XF",
"id": "35511",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "57916",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-27041",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "57912",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-27041"
},
{
"db": "BID",
"id": "24865"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002313"
},
{
"db": "PACKETSTORM",
"id": "57916"
},
{
"db": "PACKETSTORM",
"id": "57912"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-451"
},
{
"db": "NVD",
"id": "CVE-2007-3679"
}
]
},
"id": "VAR-200707-0453",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-27041"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-10T23:13:15.655000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CTX113815",
"trust": 0.8,
"url": "http://support.citrix.com/article/CTX113815"
},
{
"title": "CTX114028",
"trust": 0.8,
"url": "http://support.citrix.com/article/CTX114028"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002313"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-3679"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://support.citrix.com/article/ctx113815"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/24865"
},
{
"trust": 1.8,
"url": "http://support.citrix.com/article/ctx114028"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/24975"
},
{
"trust": 1.7,
"url": "http://www.symantec.com/content/en/us/enterprise/research/symsa-2007-006.txt"
},
{
"trust": 1.7,
"url": "http://osvdb.org/37845"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26143"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/2916"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/474204/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2007/2583"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35511"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3679"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3679"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2007/2583"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/474204/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/35511"
},
{
"trust": 0.3,
"url": "http://www.citrix.com/"
},
{
"trust": 0.3,
"url": "/archive/1/474204"
},
{
"trust": 0.1,
"url": "http://www.symantec.com/research/symantec-responsible-disclosure.pdf"
},
{
"trust": 0.1,
"url": "http://www.symantec.com/research"
},
{
"trust": 0.1,
"url": "http://www.symantec.com/research/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3679"
},
{
"trust": 0.1,
"url": "http://www.symantec.com/avcenter/security/symantecadvisories.html"
},
{
"trust": 0.1,
"url": "http://www.symantec.com/security/"
},
{
"trust": 0.1,
"url": "http://www.symantec.com/security/symantec-vulnerability-management-key.asc"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org),"
},
{
"trust": 0.1,
"url": "http://www.symantec.com/research/symantec_vulnerability_research_gpg.asc"
},
{
"trust": 0.1,
"url": "http://support.citrix.com/article/ctx113817"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/6168/"
},
{
"trust": 0.1,
"url": "http://secunia.com/network_software_inspector/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/26143/"
},
{
"trust": 0.1,
"url": "http://support.citrix.com/article/ctx112803"
},
{
"trust": 0.1,
"url": "http://support.citrix.com/article/ctx113814"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://support.citrix.com/article/ctx113816"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-27041"
},
{
"db": "BID",
"id": "24865"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002313"
},
{
"db": "PACKETSTORM",
"id": "57916"
},
{
"db": "PACKETSTORM",
"id": "57912"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-451"
},
{
"db": "NVD",
"id": "CVE-2007-3679"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-27041"
},
{
"db": "BID",
"id": "24865"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002313"
},
{
"db": "PACKETSTORM",
"id": "57916"
},
{
"db": "PACKETSTORM",
"id": "57912"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-451"
},
{
"db": "NVD",
"id": "CVE-2007-3679"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-07-25T00:00:00",
"db": "VULHUB",
"id": "VHN-27041"
},
{
"date": "2007-07-19T00:00:00",
"db": "BID",
"id": "24865"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-002313"
},
{
"date": "2007-07-21T02:16:01",
"db": "PACKETSTORM",
"id": "57916"
},
{
"date": "2007-07-21T02:11:22",
"db": "PACKETSTORM",
"id": "57912"
},
{
"date": "2007-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200707-451"
},
{
"date": "2007-07-25T17:30:00",
"db": "NVD",
"id": "CVE-2007-3679"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-15T00:00:00",
"db": "VULHUB",
"id": "VHN-27041"
},
{
"date": "2007-07-23T23:36:00",
"db": "BID",
"id": "24865"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-002313"
},
{
"date": "2007-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200707-451"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2007-3679"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200707-451"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Citrix EPA ActiveX Vulnerability in Control Downloading Arbitrary Programs on Client System",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002313"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "24865"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-451"
}
],
"trust": 0.9
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.