CVE-2007-3679
Citrix Access Gateway < 4.5.5 - Remote Code Execution via EPA ActiveX Control
Title source: llmDescription
The Citrix EPA ActiveX control (aka the "endpoint checking control" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system.
References (11)
Core 11
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/37845
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2583
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/2916
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/26143
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/24975
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/474204/100/0/threaded
Third Party Advisory x_refsource_misc
http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-006.txt
Patch x_refsource_confirm
http://support.citrix.com/article/CTX113815
Patch x_refsource_confirm
http://support.citrix.com/article/CTX114028
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/24865
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/35511
Scores
EPSS
0.0117
EPSS Percentile
78.9%
Details
Status
published
Products (2)
citrix/access_gateway
< 4.5
citrix/access_gateway
< 4.5.5
Published
Jul 25, 2007
Tracked Since
Feb 18, 2026