Microsoft ActiveSync WideCharToMultiByte() Function NULL Dereference Remote DoS

medium Nessus Plugin ID 11435

Language:

Synopsis

The remote host contains a data synchronization program that is affected by a remote denial of service attack.

Description

The remote service (probably ActiveSync) could be crashed by sending it a malformed packet advertising a wrong content-length.

An attacker may use this flaw to disable this service remotely. It is not clear at this time if this vulnerability can be used to execute arbitrary code on this host, although it is a possibility.

Solution

There is no known solution at this time.

Plugin Details

Severity: Medium

ID: 11435

File Name: active_sync_overflow.nasl

Version: 1.13

Type: remote

Agent: windows

Family: Windows

Published: 3/22/2003

Updated: 8/8/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

BID: 7150

Detections

Analytics