Stack-based Buffer Overflow in SonicWall SSL-VPN NetExtender ActiveX Control
CVE-2007-5603

Currently unrated

Key Information:

Vendor: Sonicwall
Status: Ssl Vpn
Vendor: CVE Published:; 5 November 2007

Summary

A stack-based buffer overflow vulnerability exists in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control, specifically in the handling of the 'AddRouteEntry' method. This flaw affects versions prior to 2.1.0.51 and 2.5.x versions before 2.5.0.56, allowing remote attackers to execute arbitrary code by sending a specially crafted string as an argument to the method. Exploitation of this vulnerability could lead to unauthorized actions and potential system compromise.

References

http://www.kb.cert.org/vuls/id/WDON-78K56M

x_refsource_MISC

http://www.kb.cert.org/vuls/id/298521

third-party-advisoryx_refsource_CERT-VN

http://www.vupen.com/english/advisories/2007/3696

vdb-entryx_refsource_VUPEN

EPSS Score

71% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 5, 2007
Vulnerability Reserved
Oct 21, 2007