PT-2007-4925 · Citrix · Citrix Access Gateway Standard Edition+2

Published

2007-07-25

Updated

2018-10-15

CVE-2007-3679

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Citrix Access Gateway Standard Edition versions prior to 4.5.5 Citrix Access Gateway Advanced Edition versions prior to 4.5 HF1 Citrix EPA ActiveX control version prior to 4.5.0.0

Description The issue allows remote attackers to download and execute arbitrary programs onto a client system. This is due to a problem in the Citrix EPA ActiveX control, also known as the endpoint checking control or CCAOControl Object, which is part of npCtxCAO.dll.

Recommendations For Citrix Access Gateway Standard Edition versions prior to 4.5.5, update to version 4.5.5 or later. For Citrix Access Gateway Advanced Edition versions prior to 4.5 HF1, update to version 4.5 HF1 or later. For the Citrix EPA ActiveX control version prior to 4.5.0.0, update to version 4.5.0.0 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-3679

Affected Products

Citrix Access Gateway Advanced Edition

Citrix Access Gateway Standard Edition

Citrix Epa Activex Control

PT-2007-4925 · Citrix · Citrix Access Gateway Standard Edition+2

CVE-2007-3679

Related Identifiers

Affected Products

References · 13