CVSS: 9.3EPSS: 21%CPEs: 2EXPL: 0CVE-2010-2583
https://notcve.org/view.php?id=CVE-2010-2583
Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method. Desbordamiento de búfer basado en pila en el control ActiveX SonicWALL SSL-VPN End-Point Interrogator/Installer anterior a v10.5.2 y v10.0.5 hotfix 3, permite a atacantes remotos ejecutar código de su elección a través de los argumentos (1) CabURL y (2) Location de gran tamaño al método Install3rdPartyComponent. • http://secunia.com/advisories/41644 http://secunia.com/secunia_research/2010-117 http://software.sonicwall.com/Aventail/KB/hotfix/10.0.5/clt-hotfix-10_0_5-003.txt http://www.securityfocus.com/archive/1/514561/100/0/threaded http://www.securityfocus.com/bid/44535 http://www.securitytracker.com/id?1024666 https://exchange.xforce.ibmcloud.com/vulnerabilities/62865 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •