CVE-2007-3679
First published: Wed Jul 25 2007(Updated: )
The Citrix EPA ActiveX control (aka the "endpoint checking control" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Citrix Access Gateway Plug-in | <=4.5.5 | |
| Citrix Access Gateway Plug-in | <=4.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-006.txt
- http://support.citrix.com/article/CTX113815
- http://support.citrix.com/article/CTX114028
- http://www.securityfocus.com/bid/24865
- http://www.securityfocus.com/bid/24975
- http://secunia.com/advisories/26143
- http://securityreason.com/securityalert/2916
- http://osvdb.org/37845
- http://www.vupen.com/english/advisories/2007/2583
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35511
- http://www.securityfocus.com/archive/1/474204/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2007-3679?
CVE-2007-3679 is considered critical due to its ability to allow remote attackers to execute arbitrary programs on client systems.
How do I fix CVE-2007-3679?
To fix CVE-2007-3679, upgrade to Citrix Access Gateway Standard Edition version 4.5.5 or Advanced Edition version 4.5 HF1 or later.
What software is affected by CVE-2007-3679?
CVE-2007-3679 affects Citrix Access Gateway Standard Edition versions prior to 4.5.5 and Advanced Edition versions prior to 4.5 HF1.
What type of attack does CVE-2007-3679 enable?
CVE-2007-3679 enables remote code execution, allowing unauthorized users to run programs on vulnerable client systems.
When was CVE-2007-3679 disclosed?
CVE-2007-3679 was disclosed in 2007, highlighting significant security risks in older versions of Citrix Access Gateway.
- agent/type
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/references
- agent/weakness
- agent/author
- agent/severity
- agent/softwarecombine
- agent/description
- vendor/citrix
- canonical/citrix access gateway plug-in
- version/citrix access gateway plug-in/4.5.5
- version/citrix access gateway plug-in/4.5