CVE-2007-5814 Information

Feb 14, 2021 cve

Description

Multiple buffer overflows in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51 and 2.5.x before 2.5.0.56 allow remote attackers to execute arbitrary code via a long (1) serverAddress (2) sessionId (3) clientIPLower (4) clientIPHigher (5) userName (6) domainName or (7) dnsSuffix Unicode property value. NOTE: the AddRouteEntry vector is covered by CVE-2007-5603.

Reference

http://secunia.com/advisories/27469 http://securityreason.com/securityalert/3342 http://www.sec-consult.com/303.html http://www.sec-consult.com/fileadmin/Advisories/20071101-0_sonicwall_multiple.txt http://www.securityfocus.com/archive/1/483097/100/0/threaded http://www.securityfocus.com/bid/26288 http://www.vupen.com/english/advisories/2007/3696 https://exchange.xforce.ibmcloud.com/vulnerabilities/38220

Share on: