CISCO Unified Personal Communicator 7.0 (1.13056) Remote Denial of Service Vulnerability fuzzing, exploit, DoS, Remote DoS, eyeBeamAsDLLk9.dll, CUPCK9.exe, CVE-2010-3048 FMA-2010-002 CVE CVE-2010-3048 Cisco CSCti67933 Cisco Unified Personal Communicator 7.0 http://www.cisco.com CUPCK9.exe 7.0 59b74dc39280aaa51431527cc56ba83b eyeBeamAsDLLk9.dll 8d579b4769faa189cac733b91dc47c9f Windows Server 2003 2010.03.15 2010.07.29 2011.01.11 Remote Denial of Service Vulnerability DoS Cisco Unified Personal Communicator is a powerful communication platform for business, name CUPC later used for simplicity. Fuzzing CUPC, revealed that application is not freeing allocated memory for received data and is not performing any validation if memory allocation was successful. The mentioned finding allowed us to prepare proof of concept exploit that using this issue, causes remote Denial of Service of CUPC. Authentication is not required to exploit this vulnerability. Denial of Service is caused by not handled access violation exception thrown in DLL module eyeBeamAsDLLk9. Application after allocating buffer for packet data is not validating if memory allocation was successful. If memory allocation fails we have null pointer dereference. Memory allocation will fail when process used all available user mode memory which can be used by heap manager. Access violation exception thrown in DLL module eyeBeamAsDLLk9 after dereferencing null pointer. image01s.png 67 100 image01.png Cisco Unified Personal Communicator version Cisco Unified Personal Communicator version image02s.png 171 100 image02.png Access violation exception thrown in DLL module eyeBeamAsDLLk9 after dereferencing null pointer. Access violation exception thrown in DLL module eyeBeamAsDLLk9 after dereferencing null pointer.