CISCO Unified Personal Communicator 7.0 (1.13056) Remote Denial of Service Vulnerability
fuzzing, exploit, DoS, Remote DoS, eyeBeamAsDLLk9.dll, CUPCK9.exe, CVE-2010-3048
CISCO Unified Personal Communicator 7.0 (1.13056) Remote Denial of Service Vulnerability
FMA-2010-002
[
CVE
CVE-2010-3048
]
[
Cisco
CSCti67933
]
Cisco Unified Personal Communicator
7.0
http://www.cisco.com
CUPCK9.exe
7.0
59b74dc39280aaa51431527cc56ba83b
eyeBeamAsDLLk9.dll
8d579b4769faa189cac733b91dc47c9f
Windows Server 2003
2010.03.15
2010.07.29
2011.01.11
Remote Denial of Service Vulnerability
DoS
Cisco Unified Personal Communicator is a powerful communication platform for business, name CUPC later used for simplicity. Fuzzing CUPC, revealed that application is not freeing allocated memory for received data and is not performing any validation if memory allocation was successful. The mentioned finding allowed us to prepare proof of concept exploit that using this issue, causes remote Denial of Service of CUPC. Authentication is not required to exploit this vulnerability. Denial of Service is caused by not handled access violation exception thrown in DLL module eyeBeamAsDLLk9. Application after allocating buffer for packet data is not validating if memory allocation was successful. If memory allocation fails we have null pointer dereference. Memory allocation will fail when process used all available user mode memory which can be used by heap manager.
Access violation exception thrown in DLL module eyeBeamAsDLLk9 after dereferencing null pointer.
image01s.png
67
100
image01.png
Cisco Unified Personal Communicator version
Cisco Unified Personal Communicator version
image02s.png
171
100
image02.png
Access violation exception thrown in DLL module eyeBeamAsDLLk9 after dereferencing null pointer.
Access violation exception thrown in DLL module eyeBeamAsDLLk9 after dereferencing null pointer.