| VID |
12031 |
| Severity |
30 |
| Port |
5679 |
| Protocol |
TCP |
| Class |
ActiveSync |
| Detailed Description |
The MS ActiveSync is a vulnerable to a Denial of Service via a malformed packet.
Microsoft ActiveSync is a synchronization software to create partnership between mobile device and desktop computer using a cable, cradle, or infrared. After a partnership is created, the data is synchronized using a modem or network (Ethernet) card if the device supports it. This ActiveSync 3.5 is vulnerable to a Denial of Service attack by sending a corrupted "sync request" packet to the service. When a remote attacker pretends to be a mobile device and connects to TCP port 5679, on which the service runs, and then sends a malformed packet by removing 4bytes of the correct packet, it will causes an application error, killing the "wcescomm" process. Thus, the service is crashed.
* Note: This service must be restarted manually to resume the service..
* References:
http://www.irmplc.com/advisories/active_sync.txt
* Affected Softwares:
Microsoft ActiveSync version 3.5 |
| Recommendation |
No patch available as of June 2014.
As as workaround, filter the incoming traffic to this port using a filtering device or software. |
| Related URL |
(CVE) |
| Related URL |
7150 (SecurityFocus) |
| Related URL |
(ISS) |
|
