Avaya WinPDM < 3.8.5 Multiple Vulnerabilities

Critical Nessus Plugin ID 54831


A phone administration application on the remote Windows host has multiple vulnerabilities.


The version of Avaya WinPDM installed on the remote host has multiple network services affected by memory corruption vulnerabilities. A remote, unauthenticated attacker could exploit these issues to execute arbitrary code.

This plugin determines if the vulnerable software is installed by checking the file version of the Unite Host Router component of WinPDM.


Upgrade to Avaya WinPDM 3.8.5 (Unite Host Router or later.

See Also


Plugin Details

Severity: Critical

ID: 54831

File Name: avaya_winpdm_3_8_5.nasl

Version: $Revision: 1.7 $

Type: local

Agent: windows

Family: Windows

Published: 2011/05/26

Modified: 2015/01/12

Dependencies: 13855

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: x-cpe:/a:avaya:winpdm

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/05/23

Vulnerability Publication Date: 2011/05/23

Exploitable With

Metasploit (Avaya WinPMD UniteHostRouter Buffer Overflow)

ExploitHub (EH-11-070)

Reference Information

BID: 47947

OSVDB: 73269, 73270, 73271, 73272, 73273

EDB-ID: 18397

Secunia: 44062