CVE-2007-3679 Information

Description

The Citrix EPA ActiveX control (aka the \endpoint checking control\ or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system.

Reference

http://osvdb.org/37845 http://secunia.com/advisories/26143 http://securityreason.com/securityalert/2916 http://support.citrix.com/article/CTX113815 http://support.citrix.com/article/CTX114028 http://www.securityfocus.com/archive/1/474204/100/0/threaded http://www.securityfocus.com/bid/24865 http://www.securityfocus.com/bid/24975 http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-006.txt http://www.vupen.com/english/advisories/2007/2583 https://exchange.xforce.ibmcloud.com/vulnerabilities/35511