Microsoft ActiveSync WideCharToMultiByte() Function NULL Dereference Remote DoS

This script is Copyright (C) 2003-2011 Tenable Network Security, Inc.


Synopsis :

The remote host contains a data synchronization program that is
affected by a remote denial of service attack.

Description :

The remote service (probably ActiveSync) could be crashed
by sending it a malformed packet advertising a wrong content-length.

An attacker may use this flaw to disable this service remotely. It is
not clear at this time if this vulnerability can be used to execute
arbitrary code on this host, although it is a possibility.

Solution :

There is no known solution at this time.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.8
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 11435 (active_sync_overflow.nasl)

Bugtraq ID: 7150

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now