SonicWALL E-Class SSL-VPN Format String Vulnerability

SonicWALL E-Class SSL-VPN contains a format-string vulnerability that occurs because the application fails to properly sanitize user-supplied data passed to an ActiveX control.

An attacker may exploit this vulnerability to cause arbitrary code to run within the context of the application, typically SonicWALL, that uses the ActiveX control. Failed exploit attempts will result in a denial-of-service condition.

This issue affects SonicWALL E-Class SSL-VPN 10.0.4 and all previous versions, as well as 10.5.1 without the hotfix; other versions may also be vulnerable.
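
The bug class named above, shown as the flawed pattern beside its fix. This is an added example, not code from SonicWALL or from the advisory, which does not publish the control's source; the function names and the sample string are hypothetical, and the sample uses only a literal `%%` so that both paths have defined behaviour.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: text a web page might hand to a control's method. */
static const char SAMPLE[] = "progress 100%% done";

#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security" /* compilers flag this on purpose */
/* Flawed pattern: untrusted text is used AS the format string. */
static int render_vulnerable(char *out, size_t n, const char *untrusted)
{
    return snprintf(out, n, untrusted);
}
#pragma GCC diagnostic pop

/* Fixed pattern: constant format, untrusted text is only an argument. */
static int render_safe(char *out, size_t n, const char *untrusted)
{
    return snprintf(out, n, "%s", untrusted);
}

/* Defence in depth: count '%' directives in untrusted text so a caller
 * can reject or log it. "%%" counts once: it is harmless by itself but
 * shows the text would be parsed as a format if it reached a sink. */
static int count_format_directives(const char *s)
{
    int hits = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        hits++;
        if (s[1] != '\0')
            s++; /* skip the character that follows '%' */
    }
    return hits;
}

int main(void)
{
    char a[64], b[64];
    render_vulnerable(a, sizeof a, SAMPLE); /* "%%" is interpreted, output changes */
    render_safe(b, sizeof b, SAMPLE);       /* input is copied byte for byte */
    printf("vulnerable: %s\nsafe:       %s\ndirectives: %d\n",
           a, b, count_format_directives(SAMPLE));
    return 0;
}
```

Building with `-Wformat -Wformat-security` (with the pragma removed) reports the non-literal format call at compile time.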


Copyright 2010, SecurityFocus