N/A

Multiple buffer overflows in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allow remote attackers to execute arbitrary code via a long (1) serverAddress, (2) sessionId, (3) clientIPLower, (4) clientIPHigher, (5) userName, (6) domainName, or (7) dnsSuffix Unicode property value. NOTE: the AddRouteEntry vector is covered by CVE-2007-5603.

N/A

N/A

SonicWALL SSL VPN客户端ActiveX控件多个安全漏洞

SonicWALL SSL-VPN可以为企业网络提供简单易用的VPN解决方案。 SonicWALL SSL-VPN的ActiveX控件实现上存在多个安全漏洞，远程攻击者可能利用这些漏洞控制用户系统。 SonicWALL SSL-VPN解决方案所安装的WebCacheCleaner ActiveX控件的FileDelete()方式没有正确地验证某些参数，允许攻击者删除客户端上的任意文件；此外NELaunchCtrl ActiveX控件的AddRouteEntry()方式在处理第二个参数时未经长度检查便拷贝到

N/A

N/A