Intrusion Prevention

SonicWall.SSL.VPN.NetExtender.ActiveX.Access

Description

This indicates an attempt to exploit a vulnerability in SonicWALL's SSL-VPN Client.
This vulnerability is caused by an error in the "FileDelete" and "AddRouteEntry" methods in the "WebCacheCleaner" and "NELaunchCtrl" ActiveX Controls. It allows remote attackers to delete arbitrary files or execute arbitrary code via a crafted web page.

Affected Products

SonicWALL SSL-VPN 1.3.0.3

Impact

System Compromise: remote attackers can delete arbitrary files or execute arbitrary code.

Recommended Actions

Refer to the vendor's websit for suggested workround.
http://www.sonicwall.com

CVE References

CVE-2007-5603