HTTP: SonicWALL SSL VPN End Point ActiveX Control Exploit
This signature detects attempts to exploit a known code execution vulnerability in the Sonic Wall SSL VPN Endpoint Interrogator ActiveX control. It is due to a format string error in the "epi.dll" library when creating a log message. This can be exploited by assigning a specially crafted string value to affected properties of the ActiveX control. A successful exploit can result in arbitrary code execution with the privileges of the targeted user.
Extended Description
The SonicWALL SSL-VPN E-Class ActiveX control is prone to multiple buffer-overflow vulnerabilities because the application fails to adequately check boundaries on user-supplied input. An attacker can exploit these issues to execute arbitrary code in the context of the application (typically Internet Explorer) using the ActiveX control. Failed attacks will likely cause denial-of-service conditions. These issues affects SonicWALL E-Class SSL-VPN 10.5.1.117 and all previous versions as well as 10.0.5 without hotfix; other versions may also be vulnerable.
Affected Products
Sonicwall e-class_ssl-vpn
References
CVE: CVE-2010-2583
Short Name
HTTP:STC:ACTIVEX:SONICWALL-VPN
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
ActiveX CVE-2010-2583 Control End Exploit Point SSL SonicWALL VPN bid:42548 bid:44535
Release Date
09/25/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Sonicwall
CVSS Score
9.3