CVE-2007-3679 - OpenCVE

The Citrix EPA ActiveX control (aka the "endpoint checking control" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Citrix	Access Gateway

Configuration 1 [-]

OR	cpe:2.3:a:citrix:access_gateway::hf1:advanced:::::
	cpe:2.3:a:citrix:access_gateway:::standard:::::*

No data.

References

Link	Providers
http://osvdb.org/37845
http://secunia.com/advisories/26143
http://securityreason.com/securityalert/2916
http://support.citrix.com/article/CTX113815
http://support.citrix.com/article/CTX114028
http://www.securityfocus.com/archive/1/474204/100/0/threaded
http://www.securityfocus.com/bid/24865
http://www.securityfocus.com/bid/24975
http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-006.txt
http://www.vupen.com/english/advisories/2007/2583
https://exchange.xforce.ibmcloud.com/vulnerabilities/35511

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-07-25T17:00:00

Updated: 2024-08-07T14:28:51.285Z

Reserved: 2007-07-11T00:00:00

Link: CVE-2007-3679

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-07-25T17:30:00.000

Modified: 2018-10-15T21:29:49.287

Link: CVE-2007-3679

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-07-18T00:00:00", "descriptions": [{"lang": "en", "value": "The Citrix EPA ActiveX control (aka the \"endpoint checking control\" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "37845", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/37845"}, {"name": "ADV-2007-2583", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2583"}, {"name": "2916", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2916"}, {"name": "26143", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26143"}, {"name": "24975", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24975"}, {"name": "20070718 SYMSA-2007-006: Citrix EPA ActiveX Control Design Flaw", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/474204/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-006.txt"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.citrix.com/article/CTX113815"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.citrix.com/article/CTX114028"}, {"name": "24865", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24865"}, {"name": "citrix-access-activex-plugin-code-execution(35511)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35511"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3679", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Citrix EPA ActiveX control (aka the \"endpoint checking control\" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "37845", "refsource": "OSVDB", "url": "http://osvdb.org/37845"}, {"name": "ADV-2007-2583", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2583"}, {"name": "2916", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2916"}, {"name": "26143", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26143"}, {"name": "24975", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24975"}, {"name": "20070718 SYMSA-2007-006: Citrix EPA ActiveX Control Design Flaw", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/474204/100/0/threaded"}, {"name": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-006.txt", "refsource": "MISC", "url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-006.txt"}, {"name": "http://support.citrix.com/article/CTX113815", "refsource": "CONFIRM", "url": "http://support.citrix.com/article/CTX113815"}, {"name": "http://support.citrix.com/article/CTX114028", "refsource": "CONFIRM", "url": "http://support.citrix.com/article/CTX114028"}, {"name": "24865", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24865"}, {"name": "citrix-access-activex-plugin-code-execution(35511)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35511"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:28:51.285Z"}, "title": "CVE Program Container", "references": [{"name": "37845", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/37845"}, {"name": "ADV-2007-2583", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/2583"}, {"name": "2916", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2916"}, {"name": "26143", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26143"}, {"name": "24975", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/24975"}, {"name": "20070718 SYMSA-2007-006: Citrix EPA ActiveX Control Design Flaw", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/474204/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-006.txt"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.citrix.com/article/CTX113815"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.citrix.com/article/CTX114028"}, {"name": "24865", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/24865"}, {"name": "citrix-access-activex-plugin-code-execution(35511)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35511"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3679", "datePublished": "2007-07-25T17:00:00", "dateReserved": "2007-07-11T00:00:00", "dateUpdated": "2024-08-07T14:28:51.285Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:citrix:access_gateway:*:hf1:advanced:*:*:*:*:*", "matchCriteriaId": "7A132506-353D-4128-82A2-46DBC000B753", "versionEndIncluding": "4.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:access_gateway:*:*:standard:*:*:*:*:*", "matchCriteriaId": "47ABB5D2-79BD-48AC-877E-E671C7408362", "versionEndIncluding": "4.5.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Citrix EPA ActiveX control (aka the \"endpoint checking control\" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system."}, {"lang": "es", "value": "El control ActiveX Citrix EPA (tambi\u00e9n conocido como el \"endpoint checking control\" \u00f3 Objeto CCAOControl) versiones anteriores a 4.5.0.0 en npCtxCAO.dll de Citrix Access Gateway Standard Edition versiones anteriores a 4.5.5 y Advanced Edition versiones anteriores a 4.5 HF1, permite a atacantes remotos descargar y ejecutar programas de su elecci\u00f3n en un sistema cliente."}], "evaluatorComment": "User must be logged in.", "id": "CVE-2007-3679", "lastModified": "2018-10-15T21:29:49.287", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-07-25T17:30:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/37845"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/26143"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2916"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://support.citrix.com/article/CTX113815"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://support.citrix.com/article/CTX114028"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/474204/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/24865"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/24975"}, {"source": "cve@mitre.org", "url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-006.txt"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2583"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35511"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}