Lucene search

[email protected]CVE-2007-3679

HistoryJul 25, 2007 - 5:30 p.m.

CVE-2007-3679

2007-07-2517:30:00

[email protected]

web.nvd.nist.gov

citrix

epa

activex

control

remote code execution

cve-2007-3679

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.2 High

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.8%

JSON

The Citrix EPA ActiveX control (aka the “endpoint checking control” or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system.

Affected configurations

NVD

Node

citrixaccess_gatewayRange≤4.5hf1advanced

citrixaccess_gatewayRange≤4.5.5standard

CPENameOperatorVersion
citrix:access_gatewaycitrix access gatewayle4.5
citrix:access_gatewaycitrix access gatewayle4.5.5

CPE	Name	Operator	Version
citrix:access_gateway	citrix access gateway	le	4.5
citrix:access_gateway	citrix access gateway	le	4.5.5

References

osvdb.org/37845

secunia.com/advisories/26143

securityreason.com/securityalert/2916

support.citrix.com/article/CTX113815

support.citrix.com/article/CTX114028

www.securityfocus.com/archive/1/474204/100/0/threaded

www.securityfocus.com/bid/24865

www.securityfocus.com/bid/24975

www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-006.txt

www.vupen.com/english/advisories/2007/2583

exchange.xforce.ibmcloud.com/vulnerabilities/35511

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.2 High

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.8%

JSON

Related for CVE-2007-3679

prion2 nvd2 securityvulns2 cvelist2 cve1