Exploiting Windows systems through ActiveSync

As of ActiveSync 4.0, Microsoft has incorporated the Remote Network Driver Interface Specification (RNDIS) into creation of a syncing session between a Windows Mobile device and its host PC. While the implementation of this technology has numerous advantages, it also creates an exploitable situation by which a host PC can be attacked.

White Wolf Labs has researched out this issue and designed a proof of concept that illustrates how this vulnerability can be exploited. Here is a short video demonstration showing how the vulnerability can be used against a host PC: