CVE-2007-3679
published 2007-07-25CVE-2007-3679: The Citrix EPA ActiveX control (aka the "endpoint checking control" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard…
PriorityP423medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
1.68%
74.0th percentile
The Citrix EPA ActiveX control (aka the "endpoint checking control" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | access_gateway | <= 4.5 | — |
| citrix | access_gateway | <= 4.5.5 | — |
| citrix | citrix_adm | — | — |
| citrix | citrix_hypervisor | — | — |
| citrix | citrix_virtual_apps_and_desktops | — | — |
| citrix | endpoint_management | — | — |
| citrix | netscaler_adc | — | — |
| citrix | netscaler_gateway | — | — |
| citrix | xenserver | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Citrix
CVE-2007-4013: Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka Net6Launcher Class) 4.5.2 and earlier, (2) npCtxCAO.dll (aka Citrix Endpoint Analysis
vendor_citrix·2007-07-26·CVSS 9.3
CVE-2007-4013 [MEDIUM] CVE-2007-4013: Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka Net6Launcher Class) 4.5.2 and earlier, (2) npCtxCAO.dll (aka Citrix Endpoint Analysis
CVE-2007-4013: Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka Net6Launcher Class) 4.5.2 and earlier, (2) npCtxCAO.dll (aka Citrix Endpoint Analysis Client) in a Firefox plugin directory, and (3) a second npCtxCAO.dll (aka CCAOControl Object) before 4.5.0.0 in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 have unknown impact and attack vectors, possibly related to buffer overflows. NOTE: vector 3 might overlap CVE-2007-3679.
Citrix
CVE-2007-3679: The Citrix EPA ActiveX control (aka the "endpoint checking control" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Sta
vendor_citrix·2007-07-25·CVSS 4.3
CVE-2007-3679 [MEDIUM] CVE-2007-3679: The Citrix EPA ActiveX control (aka the "endpoint checking control" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Sta
CVE-2007-3679: The Citrix EPA ActiveX control (aka the "endpoint checking control" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system.
Citrix
Citrix Security Bulletin CTX113815
vendor_citrix·CVSS 4.3
CVE-2007-3679 [MEDIUM] Citrix Security Bulletin CTX113815
Citrix Security Bulletin CTX113815
CVE References: CVE-2007-3679, CVE-2007-4013, CVE-2007-4016, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
Citrix
Citrix Security Bulletin CTX114028
vendor_citrix·CVSS 4.3
CVE-2007-3679 [MEDIUM] Citrix Security Bulletin CTX114028
Citrix Security Bulletin CTX114028
CVE References: CVE-2007-3679, CVE-2007-4013, CVE-2007-4016, CVE-2007-4017, CVE-2007-4018, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
GHSA
GHSA-jr23-4p9p-9p44: The Citrix EPA ActiveX control (aka the "endpoint checking control" or CCAOControl Object) before 4
ghsa_unreviewed·2022-05-01
CVE-2007-3679 [MEDIUM] GHSA-jr23-4p9p-9p44: The Citrix EPA ActiveX control (aka the "endpoint checking control" or CCAOControl Object) before 4
The Citrix EPA ActiveX control (aka the "endpoint checking control" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system.
GHSA
GHSA-7hh7-mhm5-pgp7: Multiple unspecified vulnerabilities in (1) Net6Helper
ghsa_unreviewed·2022-05-01·CVSS 4.3
CVE-2007-4013 [MEDIUM] GHSA-7hh7-mhm5-pgp7: Multiple unspecified vulnerabilities in (1) Net6Helper
Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka Net6Launcher Class) 4.5.2 and earlier, (2) npCtxCAO.dll (aka Citrix Endpoint Analysis Client) in a Firefox plugin directory, and (3) a second npCtxCAO.dll (aka CCAOControl Object) before 4.5.0.0 in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 have unknown impact and attack vectors, possibly related to buffer overflows. NOTE: vector 3 might overlap CVE-2007-3679.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://osvdb.org/37845http://secunia.com/advisories/26143http://securityreason.com/securityalert/2916http://support.citrix.com/article/CTX113815http://support.citrix.com/article/CTX114028http://www.securityfocus.com/archive/1/474204/100/0/threadedhttp://www.securityfocus.com/bid/24865http://www.securityfocus.com/bid/24975http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-006.txthttp://www.vupen.com/english/advisories/2007/2583https://exchange.xforce.ibmcloud.com/vulnerabilities/35511http://osvdb.org/37845http://secunia.com/advisories/26143http://securityreason.com/securityalert/2916http://support.citrix.com/article/CTX113815http://support.citrix.com/article/CTX114028http://www.securityfocus.com/archive/1/474204/100/0/threadedhttp://www.securityfocus.com/bid/24865http://www.securityfocus.com/bid/24975http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-006.txthttp://www.vupen.com/english/advisories/2007/2583https://exchange.xforce.ibmcloud.com/vulnerabilities/35511
2007-07-25
Published