In association with heise online

18 November 2008, 10:45

Microsoft Communicator vulnerable to DoS attacks

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

According to a report by VoIPshield, a VoIP security service provider, Microsoft's Office Communications Server (OCS), Office Communicator and Windows Messenger contain vulnerabilities that can be exploited for Denial of Service attacks. The applications can be crashed using specially crafted packets.

VoIPshield does not want to release more detailed information until Microsoft has fixed the flaw. The vendor has so far only revealed that the mentioned products crash when specially crafted RTCP receiver reports are received. Microsoft Communicator is also said to have an allergic reaction to receiving a large number of INVITE messages (INVITE flood), ceasing to respond for a certain amount of time as a result. In some cases the program even logs itself off the network.

Another flaw in Communicator's memory management is said to allow large areas of memory to be occupied with parallel sessions, which degrades the desktop experience. Sending victims a large number of instant messages containing emoticons is said to be enough to exploit this flaw.

According to the US media, VoIPshield even claims to have discovered a hole that allows attackers to access their victims' computers. 250 million users are estimated to use the VoIP applications for Windows.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit