This vulnerability is the result of an unchecked buffer in the Remote Access Service (RAS) Phonebook.