Signature Detail
Short Name |
HTTP:STC:ACTIVEX:SONICWALL-VPN |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
SonicWALL SSL VPN End Point ActiveX Control Exploit |
Release Date |
2010/09/24 |
Update Number |
1779 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: SonicWALL SSL VPN End Point ActiveX Control Exploit
This signature detects attempts to exploit a known code execution vulnerability in the Sonic Wall SSL VPN Endpoint Interrogator ActiveX control. It is due to a format string error in the "epi.dll" library when creating a log message. This can be exploited by assigning a specially crafted string value to affected properties of the ActiveX control. A successful exploit can result in arbitrary code execution with the privileges of the targeted user.
Extended Description
The SonicWALL SSL-VPN E-Class ActiveX control is prone to multiple buffer-overflow vulnerabilities because the application fails to adequately check boundaries on user-supplied input. An attacker can exploit these issues to execute arbitrary code in the context of the application (typically Internet Explorer) using the ActiveX control. Failed attacks will likely cause denial-of-service conditions. These issues affects SonicWALL E-Class SSL-VPN 10.5.1.117 and all previous versions as well as 10.0.5 without hotfix; other versions may also be vulnerable.
Affected Products
- SonicWALL E-Class SSL VPN 10.5.1.117
- SonicWALL E-Class SSL-VPN 10.0.5
References
- BugTraq: 42548
- BugTraq: 44535
- CVE: CVE-2010-2583
- URL: http://www.sonicwall.com/us/support/kb.asp?kbid=8272