SonicWall Information for VU#298521
SonicWall NetExtender NELaunchCtrl ActiveX control stack buffer overflow
- Vendor Information Help Date Notified: 20 Sep 2007
- Statement Date:
- Date Updated: 05 Nov 2007
SSL-VPN 200 Platform
The fix was made publicly available on 7/20/07 with the web-post of
126.96.36.199-8sv. The web-posted firmware contains version 188.8.131.52 of the
NELaunchCtrl ActiveX control, which fixed the issue.
SSL-VPN 2000/4000 Platform
The fix was first made publicly available on 10/22/07 with the web-post
of 184.108.40.206-9sv. The web-posted firmware contains version 220.127.116.11 of
the NELaunchCtrl ActiveX control, which fixed the issue.
We are not aware of further vendor information regarding this vulnerability.
These updates can be obtained from the SonicWall Support page. Please note that the client systems must connect to a NetExtender SSL VPN unit to obtain the fixed control. If you are unable to obtain a fixed version of the control, please disable the ActiveX control.
If you have feedback, comments, or additional information about this vulnerability, please send us email.