This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects attempts to exploit a buffer overflow vulnerability in SonicWALL SSL VPN Client.
SonicWALL SSL VPN is an appliance designed to provide remote VPN access to the corporate network. It comes with ActiveX controls that provide VPN client functionality in Internet Explorer.
SonicWALL SSL VPN is prone to multiple remote vulnerabilities:
- A vulnerability in the WebCacheCleaner ActiveX control allows remote attackers to delete arbitrary files on the client's computer through the 'fileDelete' function.
- A stack-based buffer-overflow vulnerability in the NELaunchCtrl ActiveX control exists because the 'AddRouteEntry' function fails to properly bounds-check user-supplied input passed as its second argument. In addition, multiple Unicode buffer-overflow vulnerabilities reside in the following properties of the ActiveX control: serverAddress, sessionId, clientIPLower, clientIPHigher, userName, domainName, dnsSuffix.
Attackers can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.
These issues affect SonicWALL SSL VPN 126.96.36.199 software as well as WebCacheCleaner 188.8.131.52 and NeLaunchCtrl 184.108.40.206 ActiveX controls; other versions may also be vulnerable.
- SonicWALL SSL VPN 2.5, 1.3 3
- SonicWALL SSL VPN 200 2.1
Download and install all vendor patches related to this vulnerability.
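As an added illustration (not the vendor's or the signature's actual logic), the following sketch scans captured page source for the method and property names listed above and reports oversized string literals. The length threshold, the object names `ctl` and `cleaner`, and both sample pages are constructed assumptions.

```python
import re

# Property and method names are taken from the advisory text above.
OVERFLOW_PROPS = ("serverAddress", "sessionId", "clientIPLower",
                  "clientIPHigher", "userName", "domainName", "dnsSuffix")
MAX_LEN = 256  # assumed threshold; tune to the longest legitimate value you see

# A single- or double-quoted script string literal, escapes allowed.
STRING = r"""("(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*')"""
PROP_RE = re.compile(r"\.(%s)\s*=\s*%s" % ("|".join(OVERFLOW_PROPS), STRING))
# Captures the literal passed as the second argument of AddRouteEntry.
ROUTE_RE = re.compile(r"\.AddRouteEntry\s*\(\s*[^,()]*,\s*%s" % STRING)
DELETE_RE = re.compile(r"\.fileDelete\s*\(")


def scan(page):
    """Return (finding, name, literal_length) tuples for one page of markup."""
    findings = []
    for m in PROP_RE.finditer(page):
        length = len(m.group(2)) - 2  # strip the two quote characters
        if length > MAX_LEN:
            findings.append(("long-property", m.group(1), length))
    for m in ROUTE_RE.finditer(page):
        length = len(m.group(1)) - 2
        if length > MAX_LEN:
            findings.append(("long-AddRouteEntry-arg2", "AddRouteEntry", length))
    # Any fileDelete call is reported for review; no length applies.
    for _ in DELETE_RE.finditer(page):
        findings.append(("fileDelete-call", "fileDelete", 0))
    return findings


# Constructed sample pages (not captured traffic).
BENIGN = ('<script>ctl.serverAddress = "vpn.example.com"; '
          'ctl.AddRouteEntry("10.0.0.0", "255.0.0.0");</script>')
SUSPICIOUS = ('<script>ctl.sessionId = "%s";\n'
              'ctl.AddRouteEntry("10.0.0.0", "%s");\n'
              'cleaner.fileDelete("C:\\\\example.txt");</script>'
              % ("A" * 1000, "B" * 600))

if __name__ == "__main__":
    for name, page in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(name, scan(page))
```

The check only inspects string literals present in the markup, so treat it as a triage aid alongside the vendor patches rather than a replacement for them.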