CVE-2007-3679
Severity Score
4.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Citrix EPA ActiveX control (aka the "endpoint checking control" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system.
El control ActiveX Citrix EPA (también conocido como el "endpoint checking control" ó Objeto CCAOControl) versiones anteriores a 4.5.0.0 en npCtxCAO.dll de Citrix Access Gateway Standard Edition versiones anteriores a 4.5.5 y Advanced Edition versiones anteriores a 4.5 HF1, permite a atacantes remotos descargar y ejecutar programas de su elección en un sistema cliente.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-07-11 CVE Reserved
- 2007-07-21 CVE Published
- 2024-08-07 CVE Updated
- 2024-09-19 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/37845 | Vdb Entry | |
| http://securityreason.com/securityalert/2916 | Third Party Advisory | |
| http://www.securityfocus.com/archive/1/474204/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/24865 | Vdb Entry | |
| http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-006.txt | X_refsource_misc | |
| http://www.vupen.com/english/advisories/2007/2583 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/35511 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/26143 | 2018-10-15 | |
| http://support.citrix.com/article/CTX113815 | 2018-10-15 | |
| http://support.citrix.com/article/CTX114028 | 2018-10-15 | |
| http://www.securityfocus.com/bid/24975 | 2018-10-15 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Citrix Search vendor "Citrix" | Access Gateway Search vendor "Citrix" for product "Access Gateway" | <= 4.5 Search vendor "Citrix" for product "Access Gateway" and version " <= 4.5" | hf1, advanced |
Affected
| ||||||
| Citrix Search vendor "Citrix" | Access Gateway Search vendor "Citrix" for product "Access Gateway" | <= 4.5.5 Search vendor "Citrix" for product "Access Gateway" and version " <= 4.5.5" | standard |
Affected
| ||||||