CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
83.8%
The Citrix EPA ActiveX control (aka the “endpoint checking control” or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system.
Vendor | Product | Version | CPE |
---|---|---|---|
citrix | access_gateway | * | cpe:2.3:a:citrix:access_gateway:*:hf1:advanced:*:*:*:*:* |
citrix | access_gateway | * | cpe:2.3:a:citrix:access_gateway:*:*:standard:*:*:*:*:* |
osvdb.org/37845
secunia.com/advisories/26143
securityreason.com/securityalert/2916
support.citrix.com/article/CTX113815
support.citrix.com/article/CTX114028
www.securityfocus.com/archive/1/474204/100/0/threaded
www.securityfocus.com/bid/24865
www.securityfocus.com/bid/24975
www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-006.txt
www.vupen.com/english/advisories/2007/2583
exchange.xforce.ibmcloud.com/vulnerabilities/35511