CVE-2007-1542
published 2007-03-20CVE-2007-1542: Unspecified vulnerability in the Cisco IP Phone 7940 and 7960 running firmware before POS8-6-0 allows remote attackers to cause a denial of service via the…
PriorityP427medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
9.18%
94.7th percentile
Unspecified vulnerability in the Cisco IP Phone 7940 and 7960 running firmware before POS8-6-0 allows remote attackers to cause a denial of service via the Remote-Party-ID sipURI field in a SIP INVITE request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
vendor_cisco5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-jf8q-7p9f-qqch: Unspecified vulnerability in the Cisco IP Phone 7940 and 7960 running firmware before POS8-6-0 allows remote attackers to cause a denial of service vi
ghsa_unreviewed·2022-05-01
CVE-2007-1542 [MEDIUM] GHSA-jf8q-7p9f-qqch: Unspecified vulnerability in the Cisco IP Phone 7940 and 7960 running firmware before POS8-6-0 allows remote attackers to cause a denial of service vi
Unspecified vulnerability in the Cisco IP Phone 7940 and 7960 running firmware before POS8-6-0 allows remote attackers to cause a denial of service via the Remote-Party-ID sipURI field in a SIP INVITE request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Cisco
Cisco IP Phone SIP INVITE Message Denial of Service Vulnerability
vendor_cisco·2007-03-20·CVSS 5.0
CVE-2007-1542 [MEDIUM] CWE-399 Cisco IP Phone SIP INVITE Message Denial of Service Vulnerability
Cisco IP Phone SIP INVITE Message Denial of Service Vulnerability
Cisco 7940 and 7960 IP phones with firmware version 7.4 contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
The vulnerability exists due to an error within the handling of malformed SIP INVITE messages. An attacker could exploit this vulnerability by sending a crafted INVITE message to the device to cause it to reboot, resulting in a temporary DoS condition.
Proof-of-concept code is available.
Cisco confirmed this vulnerability and released updates to correct it.
To exploit this vulnerability, the attacker must have access to the network on which the device resides. Another attack vector would be a SIP gateway that could pass the malicious SIP INVITE m
No detection rules found.
Exploit-DB
Kodak Image Viewer - TIF/TIFF Code Execution (MS07-055)
exploitdb·2007-10-29
CVE-2007-2217 Kodak Image Viewer - TIF/TIFF Code Execution (MS07-055)
Kodak Image Viewer - TIF/TIFF Code Execution (MS07-055)
---
/* MS07-055 Kodak Image Viewer TIF/TIFF Code Execution Proof Of Concept
by Hong Gil-Dong, Jeon Woo-chi
* Hwang-Hee(?~1542), Prime Minister in Korea
* Once upon a time, One servant of Hwang-Hee was arguing with another
* servant. they asked Hwang-Hee to judge who is right.
* Hwang-Hee listend their story, and said "Both are right".
* We tested this code on Windows 2000 SP4 Korean Edition.
* But if you change some parts of this code, you can also execute an
* arbitrary code in other systems.
* - Caution -
* First, execute the Kodak Image Viewer and then open the ms07-005.tif
* file. If you click the ms07-005.tif file directly in explorer,
* sometimes it causes not excution but just crash.
*/
#include
#define TIF_FILE "ms07-055
Exploit-DB
Microsoft Windows - 'gdi32.dll' Denial of Service (MS07-046)
exploitdb·2007-08-29
CVE-2007-3034 Microsoft Windows - 'gdi32.dll' Denial of Service (MS07-046)
Microsoft Windows - 'gdi32.dll' Denial of Service (MS07-046)
---
/*
* MS07-046(GDI32.dll Integer overflow DOS) Proof Of Concept Code
* by Hong Gil-Dong & Chun Woo-Chi
* Yang yeon(?~1542), Korea
* "I shall keep clenching my left fist unitl i see the real tao".
* This POC is only for test. If an application read a malformed wmf
* file like this POC, the application will be crashed. If you apply
* this code, you can execute an arbitrary code.
*
* We tested this code on Windows XP SP2 Korean Edition
* (GDI32.dll version 5.1.2600.3099). But it will work well on other
* systems.
*/
#include
#include
#define WMF_FILE "ms07-046.wmf"
void usage(void);
int main()
{
FILE *fp;
char wmf[] = "\x01\x00\x09\x00\x00\x03\x11\x00\x00\x00\x00\x00"\
"\x05\x00\x00\x00\x00\x00\xFF\xFF\xFF\xFF\x13\x02
Exploit-DB
Cisco Phone 7940/7960 - 'SIP INVITE' Remote Denial of Service
exploitdb·2007-03-20
CVE-2007-1542 Cisco Phone 7940/7960 - 'SIP INVITE' Remote Denial of Service
Cisco Phone 7940/7960 - 'SIP INVITE' Remote Denial of Service
---
#!/usr/bin/perl
# Title: Cisco 7940 SIP INVITE remote DOS
# Date: February 19, 2007
# ID: KIPH2
#
# Synopsis: After sending a cra fted INVITE message the device immediately
# reboots. The phone does not check properly the sipURI field of the
# Remote-Party-ID in the message.
#
# The vendor was informed and acknowledged the vulnerability. This
# vulnerability was identified by the Madynes research team at INRIA
# Lorraine, using the Madynes VoIP fuzzer.
#
# Background: SIP is the IETF standardized (RFCs 2543 and 3261) protocol
# for VoIP signalization. SIP is an ASCII based INVITE message is used to
# initiate and maintain a communication session.
#
# Affected devices: Cisco phone 7940/7960 running firmware P0S3-07-4-00
#
#
No writeups or analysis indexed.
http://secunia.com/advisories/24600http://www.cisco.com/en/US/products/products_security_response09186a00808075ad.htmlhttp://www.securityfocus.com/bid/23047http://www.securitytracker.com/id?1017797http://www.vupen.com/english/advisories/2007/1023https://exchange.xforce.ibmcloud.com/vulnerabilities/33098http://secunia.com/advisories/24600http://www.cisco.com/en/US/products/products_security_response09186a00808075ad.htmlhttp://www.securityfocus.com/bid/23047http://www.securitytracker.com/id?1017797http://www.vupen.com/english/advisories/2007/1023https://exchange.xforce.ibmcloud.com/vulnerabilities/33098
2007-03-20
Published