Vulnerability Description
The Citrix EPA ActiveX control (aka the "endpoint checking control" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Citrix | Access Gateway | <= 4.5 |
References
- http://osvdb.org/37845
- http://secunia.com/advisories/26143PatchVendor Advisory
- http://securityreason.com/securityalert/2916
- http://support.citrix.com/article/CTX113815Patch
- http://support.citrix.com/article/CTX114028Patch
- http://www.securityfocus.com/archive/1/474204/100/0/threaded
- http://www.securityfocus.com/bid/24865
- http://www.securityfocus.com/bid/24975Patch
- http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-006.txt
- http://www.vupen.com/english/advisories/2007/2583
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35511
- http://osvdb.org/37845
- http://secunia.com/advisories/26143PatchVendor Advisory
- http://securityreason.com/securityalert/2916
- http://support.citrix.com/article/CTX113815Patch
FAQ
What is CVE-2007-3679?
CVE-2007-3679 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The Citrix EPA ActiveX control (aka the "endpoint checking control" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition be...
How severe is CVE-2007-3679?
CVE-2007-3679 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3679?
Check the references section above for vendor advisories and patch information. Affected products include: Citrix Access Gateway.