Microsoft ActiveSync WideCharToMultiByte() Function NULL Dereference Remote DoS

Medium Nessus Plugin ID 11435


The remote host contains a data synchronization program that is affected by a remote denial of service attack.


The remote service (probably ActiveSync) could be crashed by sending it a malformed packet advertising a wrong content-length.

An attacker may use this flaw to disable this service remotely. It is not clear at this time if this vulnerability can be used to execute arbitrary code on this host, although it is a possibility.


There is no known solution at this time.

Plugin Details

Severity: Medium

ID: 11435

File Name: active_sync_overflow.nasl

Version: $Revision: 1.11 $

Type: remote

Agent: windows

Family: Windows

Published: 2003/03/22

Modified: 2011/03/11

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:F/RL:U/RC:ND

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

BID: 7150

OSVDB: 44696