Avaya WinPDM Unite Host Router service buffer overflow

Added: 12/30/2011
BID: 47947
OSVDB: 73269

Background

Avaya Windows Portable Device Manager (WinPDM) is used for local administration and software download of various devices.

Problem

A buffer overflow vulnerability in Avaya WinPDM allows an attacker to execute arbitrary commands by sending a specially crafted request to the Unite Host Router service.

Resolution

Upgrade to Avaya WinPDM 3.8.5 or higher.

References

https://support.avaya.com/css/P8/documents/100140122

Limitations

Exploit works on Avaya WinPDM 3.8.2 on Windows Server 2003 SP2 English (DEP OptOut) with KB956802 and KB2393802.

Platforms

Windows

Back to exploit index