SonicWALL SSL VPN Client Remote ActiveX Multiple Vulnerabilities

BID:26288

Info

SonicWALL SSL VPN Client Remote ActiveX Multiple Vulnerabilities

Bugtraq ID: 26288
Class: Boundary Condition Error
CVE: CVE-2007-5603
CVE-2007-5814
CVE-2007-5815
Remote: Yes
Local: No
Published: Nov 01 2007 12:00AM
Updated: Nov 15 2007 12:37AM
Credit: Will Dormann, krafty and lofi42 are independently credited with the discovery of this issue.
Vulnerable: SonicWALL SSL VPN 1.3 3
Not Vulnerable: SonicWALL SSL VPN 200 2.1
SonicWALL SSL VPN 2.5

Discussion

SonicWALL SSL VPN Client Remote ActiveX Multiple Vulnerabilities

SonicWALL SSL VPN Client is prone to multiple remote vulnerabilities. The issues occur in different ActiveX controls and include arbitrary-file-deletion and multiple stack-based buffer-overflow vulnerabilities.

Attackers can exploit these issues to execute arbitrary code within the context of the affected application and delete arbitrary files on the client's computer. Failed exploit attempts will result in denial-of-service conditions.

These issues affect SonicWALL SSL VPN 1.3.0.3 software as well as WebCacheCleaner 1.3.0.3 and NeLaunchCtrl 2.1.0.49 ActiveX controls; other versions may also be vulnerable.

Exploit / POC

SonicWALL SSL VPN Client Remote ActiveX Multiple Vulnerabilities

The following proofs of concept are available:

Arbitrary file deletion issue:

dim o
Set o = CreateObject("MLWebCacheCleaner.WebCacheCleaner.1")
o.FileDelete("c:\bla\bla")


Buffer-overflow vulnerability:

o.AddRouteEntry ("", "ABCDEFGHIJKLMNOPQRSTUVWX");

The following exploit is available for the AddRouteEntry method:

Solution / Fix

SonicWALL SSL VPN Client Remote ActiveX Multiple Vulnerabilities

Solution:
The vendor has released SSL VPN 200 2.1 and SSL VPN 2.5 to address these issues. Please see the references for more information.

References

© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report