Vulnerability Name: | CVE-2007-4013 (CCN-35511)
Assigned: | 2007-07-19
Published: | 2007-07-19
Updated: | 2011-03-08
Summary: | Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka Net6Launcher Class) 4.5.2 and earlier, (2) npCtxCAO.dll (aka Citrix Endpoint Analysis Client) in a Firefox plugin directory, and (3) a second npCtxCAO.dll (aka CCAOControl Object) before 4.5.0.0 in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 have unknown impact and attack vectors, possibly related to buffer overflows. Note: vector 3 might overlap CVE-2007-3679. Access Gateway is software offered also as an appliance.
CVSS v3 Severity: | 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Vulnerability Type: | CWE-Other
Vulnerability Consequences: | Gain Access
References: |
Source: CCN Type: BugTraq Mailing List, Wed Jul 18 2007 - 13:58:02 CDT SYMSA-2007-006: Citrix EPA ActiveX Control Design Flaw
Source: MITRE Type: CNA CVE-2007-3679
Source: MITRE Type: CNA CVE-2007-4013
Source: OSVDB Type: UNKNOWN 37842
Source: OSVDB Type: UNKNOWN 37843
Source: OSVDB Type: UNKNOWN 37844
Source: CCN Type: SA26143 Citrix Access Gateway Multiple Vulnerabilities
Source: SECUNIA Type: Patch, Vendor Advisory 26143
Source: CCN Type: CTX113815 Vulnerabilities in Access Gateway Standard and Advanced Editions clients could result in arbitrary code execution
Source: CONFIRM Type: Patch http://support.citrix.com/article/CTX113815
Source: CCN Type: CTX114028 Hotfix AG2000_v455 - Access Gateway Standard Edition 4.5
Source: CONFIRM Type: Patch http://support.citrix.com/article/CTX114028
Source: CCN Type: OSVDB ID: 37842 Citrix Access Gateway Standard Edition ActiveX Net6Helper.DLL (aka Net6Launcher Class) Unspecified Issue
Source: CCN Type: OSVDB ID: 37843 Citrix Access Gateway Standard Edition ActiveX npCtxCAO.dll (aka Citrix Endpoint Analysis Client) Unspecified Issue
Source: CCN Type: OSVDB ID: 37844 Citrix Access Gateway Standard Edition ActiveX npCtxCAO.dll (aka CCAOControl Object) Unspecified Issue
Source: CCN Type: OSVDB ID: 37845 Citrix Access Gateway EPA ActiveX npCtxCAO.dll (aka CCAOControl Object) Arbitrary File Download
Source: CCN Type: BID-24865 Citrix EPA ActiveX Control Design Flaw
Source: BID Type: Patch 24975
Source: CCN Type: BID-24975 Citrix Access Gateway Standard and Advanced Edition Multiple Remote Vulnerabilities
Source: CCN Type: SYMSA-2007-006 Citrix EPA ActiveX Control Design Flaw
Source: VUPEN Type: UNKNOWN ADV-2007-2583
Source: XF Type: UNKNOWN citrix-access-activex-plugin-code-execution(35511)
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1: Denotes that component is vulnerable