SonicWall Information for VU#298521

SonicWall NetExtender NELaunchCtrl ActiveX control stack buffer overflow

Status

Affected

Vendor Statement

SSL-VPN 200 Platform
--------------------
The fix was made publicly available on 7/20/07 with the web-post of
2.1.0.0-8sv. The web-posted firmware contains version 2.1.0.51 of the
NELaunchCtrl ActiveX control, which fixed the issue.

SSL-VPN 2000/4000 Platform
--------------------------
The fix was first made publicly available on 10/22/07 with the web-post
of 2.5.0.0-9sv.  The web-posted firmware contains version 2.5.0.53 of
the NELaunchCtrl ActiveX control, which fixed the issue.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

None

Addendum

These updates can be obtained from the SonicWall Support page. Please note that the client systems must connect to a NetExtender SSL VPN unit to obtain the fixed control. If you are unable to obtain a fixed version of the control, please disable the ActiveX control.

If you have feedback, comments, or additional information about this vulnerability, please send us email.