In association with heise online

02 November 2007, 15:27

SonicWall VPN client vulnerable

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The NetExtender for SSL-VPNs client software from SonicWall contains several security holes by means of which attackers could infect or crash a system using specially crafted web pages. The vulnerabilities result from buffer overflows in various functions of the NELaunchCtrl (NELaunchX.dll) ActiveX control and can be exploited to inject and execute malicious code in a Windows system. In addition, the FileDelete function in the WebCacheCleaner control is vulnerable, allowing attackers to delete arbitrary files.

The vulnerabilities have been confirmed for WebCacheCleaner version and for NetLaunchCtrl However, earlier versions are also likely to be affected. According to the relevant advisories the vulnerabilities have been resolved in version 2.5 of the client software, which is shipped with SonicWall NetExtender 4000 and 2000. Patch Build 2.1 is designed to resolve the issue in SonicWall NetExtender 200. Clients need to connect to a NetExtender VPN appliance to obtain the updated control.

Alternatively, the US-CERT recommends setting the kill bit for the control to prevent Internet Explorer from loading it. This can be done by saving the following text as a .reg file and by subsequently importing this file from the context menu in Windows Explorer:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX
"Compatibility Flags"=dword:00000400

ActiveX can, of course, also be disabled completely.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit