Unrated severityNVD Advisory· Published Jul 25, 2007· Updated Apr 23, 2026

CVE-2007-3679

Description

The Citrix EPA ActiveX control (aka the "endpoint checking control" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system.

Affected products

Citrix Systems/Access Gateway2 versions
cpe:2.3:a:citrix:access_gateway:*:hf1:advanced:*:*:*:*:*+ 1 more
- cpe:2.3:a:citrix:access_gateway:*:hf1:advanced:*:*:*:*:*range: <=4.5
- cpe:2.3:a:citrix:access_gateway:*:*:standard:*:*:*:*:*range: <=4.5.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/26143nvdPatchVendor Advisory
support.citrix.com/article/CTX113815nvdPatch
support.citrix.com/article/CTX114028nvdPatch
www.securityfocus.com/bid/24975nvdPatch
osvdb.org/37845nvd
securityreason.com/securityalert/2916nvd
www.securityfocus.com/archive/1/474204/100/0/threadednvd
www.securityfocus.com/bid/24865nvd
www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-006.txtnvd
www.vupen.com/english/advisories/2007/2583nvd
exchange.xforce.ibmcloud.com/vulnerabilities/35511nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000