CVE-2010-2583

Name of the Vulnerable Software and Affected Versions SonicWALL SSL-VPN End-Point Interrogator/Installer versions prior to 10.5.2 SonicWALL SSL-VPN End-Point Interrogator/Installer version 10.0.5 before hotfix 3

Description The issue is related to a stack-based buffer overflow in the ActiveX control Aventail.EPInstaller. This can be exploited by remote attackers to execute arbitrary code via long arguments to the Install3rdPartyComponent method, specifically the CabURL and Location arguments.

Recommendations For versions prior to 10.5.2, update to version 10.5.2 or later. For version 10.0.5, apply hotfix 3 or later. As a temporary workaround, consider restricting access to the Install3rdPartyComponent method until a patch is available.