The host is running Avaya WinPDM and is prone to multiple buffer overflow vulnerabilities.

Successful exploitation will allow unauthenticated attackers to cause the application to crash. Impact Level: Application

Upgrade to Avaya WinPDM 3.8.5 or later, For updates refer to http://support.avaya.com/products/

Multiple flaws are due to a boundary error in, - Unite Host Router service (UniteHostRouter.exe) when processing certain requests can be exploited to cause a stack-based buffer overflow via long string to the 'To:' field sent to UDP port 3217. - UspCsi.exe when processing certain crafted overly long string requests can be exploited to cause a heap-based buffer overflow via a specially crafted overly long string sent to UDP port 10136. - CuspSerialCsi.exe when processing certain crafted overly long string requests can be exploited to cause a heap-based buffer overflow via a specially crafted overly long string sent to UDP port 10158. - MwpCsi.exe when processing certain crafted overly long string requests can be exploited to cause a heap-based buffer overflow via a specially crafted overly long string sent to UDP port 10137. - PMServer.exe when processing certain requests can be exploited to cause a heap-based buffer overflow via a specially crafted overly long string sent to UDP port 10138.

Avaya WinPDM version 3.8.2 and prior

• http://osvdb.org/show/osvdb/73271
• http://osvdb.org/show/osvdb/73272
• http://osvdb.org/show/osvdb/73273
• http://packetstormsecurity.org/files/117209/Avaya-WinPMD-UniteHostRouter-Buffer-Overflow.html
• http://secunia.com/advisories/44062/
• http://www.exploit-db.com/exploits/18397/
• https://downloads.avaya.com/css/P8/documents/100140122

---

Updated on 2017-03-28