Avaya WinPDM Unite Host Router service buffer overflow

2011-12-30T00:00:00
ID SAINT:7FDD297BCD0A6514DE272A20CF749A05
Type saint
Reporter SAINT Corporation
Modified 2011-12-30T00:00:00

Description

Added: 12/30/2011
BID: 47947
OSVDB: 73269

Background

Avaya Windows Portable Device Manager (WinPDM) is used for local administration and software download of various devices.

Problem

A buffer overflow vulnerability in Avaya WinPDM allows an attacker to execute arbitrary commands by sending a specially crafted request to the Unite Host Router service.

Resolution

Upgrade to Avaya WinPDM 3.8.5 or higher.

References

<https://support.avaya.com/css/P8/documents/100140122>

Limitations

The exploit works against Avaya WinPDM 3.8.2 on Windows Server 2003 SP2 English (DEP OptOut) with KB956802 and KB2393802.

Platforms

Windows