SonicWALL SSL-VPN NetExtender NELaunchCtrl ActiveX Control Multiple Overflows

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an ActiveX control that is affected by
buffer overflow vulnerabilities.

Description :

The remote host contains the 'NELaunchCtrl' ActiveX control included
with the SonicWALL NetExtender VPN client software.

The version of this control installed on the remote host fails to
validate arguments to several methods, such as 'AddRouteEntry',
'serverAddress', 'sessionId', 'clientIPLower', etc. If a remote
attacker can trick a user on the affected host into visiting a
specially crafted web page, the attacker could leverage these issues
to overflow a buffer and execute arbitrary code on the host subject to
the user's privileges.

See also :

http://www.securityfocus.com/archive/1/483097/30/0/threaded
http://seclists.org/bugtraq/2007/Nov/12

Solution :

Upgrade to version 2.1.0.51 / 2.5.0.56 or later of the control.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 27618 ()

Bugtraq ID: 26288

CVE ID: CVE-2007-5603
CVE-2007-5814

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now