{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-07-18T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The Citrix EPA ActiveX control (aka the \"endpoint checking control\" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "37845", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/37845"}, {"name": "ADV-2007-2583", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2583"}, {"name": "2916", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2916"}, {"name": "26143", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26143"}, {"name": "24975", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24975"}, {"name": "20070718 SYMSA-2007-006: Citrix EPA ActiveX Control Design Flaw", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/474204/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-006.txt"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.citrix.com/article/CTX113815"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.citrix.com/article/CTX114028"}, {"name": "24865", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24865"}, {"name": "citrix-access-activex-plugin-code-execution(35511)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35511"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3679", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Citrix EPA ActiveX control (aka the \"endpoint checking control\" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "37845", "refsource": "OSVDB", "url": "http://osvdb.org/37845"}, {"name": "ADV-2007-2583", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2583"}, {"name": "2916", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2916"}, {"name": "26143", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26143"}, {"name": "24975", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24975"}, {"name": "20070718 SYMSA-2007-006: Citrix EPA ActiveX Control Design Flaw", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/474204/100/0/threaded"}, {"name": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-006.txt", "refsource": "MISC", "url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-006.txt"}, {"name": "http://support.citrix.com/article/CTX113815", "refsource": "CONFIRM", "url": "http://support.citrix.com/article/CTX113815"}, {"name": "http://support.citrix.com/article/CTX114028", "refsource": "CONFIRM", "url": "http://support.citrix.com/article/CTX114028"}, {"name": "24865", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24865"}, {"name": "citrix-access-activex-plugin-code-execution(35511)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35511"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:28:51.285Z"}, "title": "CVE Program Container", "references": [{"name": "37845", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/37845"}, {"name": "ADV-2007-2583", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/2583"}, {"name": "2916", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2916"}, {"name": "26143", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26143"}, {"name": "24975", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/24975"}, {"name": "20070718 SYMSA-2007-006: Citrix EPA ActiveX Control Design Flaw", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/474204/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-006.txt"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.citrix.com/article/CTX113815"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.citrix.com/article/CTX114028"}, {"name": "24865", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/24865"}, {"name": "citrix-access-activex-plugin-code-execution(35511)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35511"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3679", "datePublished": "2007-07-25T17:00:00.000Z", "dateReserved": "2007-07-11T00:00:00.000Z", "dateUpdated": "2024-08-07T14:28:51.285Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:citrix:access_gateway:*:hf1:advanced:*:*:*:*:*", "matchCriteriaId": "7A132506-353D-4128-82A2-46DBC000B753", "versionEndIncluding": "4.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:access_gateway:*:*:standard:*:*:*:*:*", "matchCriteriaId": "47ABB5D2-79BD-48AC-877E-E671C7408362", "versionEndIncluding": "4.5.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Citrix EPA ActiveX control (aka the \"endpoint checking control\" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system."}, {"lang": "es", "value": "El control ActiveX Citrix EPA (tambi\u00e9n conocido como el \"endpoint checking control\" \u00f3 Objeto CCAOControl) versiones anteriores a 4.5.0.0 en npCtxCAO.dll de Citrix Access Gateway Standard Edition versiones anteriores a 4.5.5 y Advanced Edition versiones anteriores a 4.5 HF1, permite a atacantes remotos descargar y ejecutar programas de su elecci\u00f3n en un sistema cliente."}], "evaluatorComment": "User must be logged in.", "id": "CVE-2007-3679", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-07-25T17:30:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/37845"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/26143"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2916"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://support.citrix.com/article/CTX113815"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://support.citrix.com/article/CTX114028"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/474204/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/24865"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/24975"}, {"source": "cve@mitre.org", "url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-006.txt"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2583"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35511"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/37845"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/26143"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2916"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://support.citrix.com/article/CTX113815"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://support.citrix.com/article/CTX114028"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/474204/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/24865"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/24975"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-006.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2583"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35511"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}