Buffer Overflow in SonicWALL SSL-VPN Product by SonicWALL
CVE-2010-2583

Currently unrated

Key Information:

Vendor: Sonicwall
Status: Ssl-vpn End-point Interrogator\/installer Activex Control
Vendor: CVE Published:; 3 November 2010

Summary

The SonicWALL SSL-VPN End-Point Interrogator/Installer contains a stack-based buffer overflow vulnerability in its ActiveX control. This flaw allows remote attackers to execute arbitrary code when they use excessively long parameters in the Install3rdPartyComponent method, particularly in the CabURL and Location arguments. Affected versions prior to 10.5.2 and pre-10.0.5 hotfix 3 are susceptible to this attack, posing significant risks for users who have not applied the necessary updates. Security measures should be implemented immediately to safeguard your network.

References

http://www.securitytracker.com/id?1024666

vdb-entryx_refsource_SECTRACK

http://secunia.com/secunia_research/2010-117/

x_refsource_MISC

http://www.securityfocus.com/archive/1/514561/100/0/threaded

mailing-listx_refsource_BUGTRAQ

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 3, 2010
Vulnerability Reserved
Jul 1, 2010