Microsoft ActiveSync Null Pointer Dereference Denial Of Service Vulnerability Network Vulnerability

Summary

This host is running Microsoft ActiveSync and is prone to denial of service vulnerability.

Impact

Successful exploitation will allow attackers to cause denial of service condition. Impact Level: Application

Solution

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Insight

The flaw is due to NULL pointer is dereferenced in a call to the function 'WideCharToMultiByte()' while it is trying to process an entry within the sync request packet. This causes an application error, killing the 'wcescomm' process.

Affected

Microsoft ActiveSync version 3.5

References

http://secunia.com/advisories/8383/
http://www.securelist.com/en/advisories/8383
http://www.securityfocus.com/archive/1/315901
http://xforce.iss.net/xforce/xfdb/11589

Updated on 2017-03-28

Severity

Classification

CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

ClamAV get_unicode_name() Off-By-One Heap based BOF Vulnerability
7-Zip Unspecified Archive Handling Vulnerability (Win)
Avaya IP Office Manager TFTP Denial of Service Vulnerability
Foxit Reader Multiple Denial of Service Vulnerabilities - Jun09
Apache httpd Web Server Range Header Denial of Service Vulnerability

Take action and discover your vulnerabilities