CVE-2008-5180
published 2008-11-20CVE-2008-5180: Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large…
PriorityP346medium5.3CVSS 3.1
AVNACLPRNUINSUCNINAL
EXPLOIT
EPSS
67.98%
99.2th percentile
Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions.
Detection & IOCsextracted from sources · hover to see the quote
- →Detect a flood of SIP INVITE requests targeting Microsoft Communicator; high-volume repeated INVITE messages to the same SIP URI from a single source are indicative of this DoS attack. ↗
- →Monitor for SIP INVITE packets over UDP (default port 5060) containing the Via header value 'SIP/2.0/UDP 172.16.16.4;branch=123-4567-900' as a specific exploit signature from the published PoC. ↗
- →Alert on rapid memory consumption growth in the Microsoft Communicator process coinciding with a spike in inbound SIP INVITE session creation. ↗
- →The exploit sends packets in an infinite loop over UDP; detect continuous high-rate UDP flows to SIP port 5060 from a single source IP as a network-level indicator. ↗
- ·The exploit also supports TCP transport; defenders should monitor SIP INVITE floods on both UDP and TCP port 5060. ↗
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Microsoft Office 2010 Beta - Communicator SIP Denial of Service
exploitdb·2010-04-06
CVE-2008-5180 Microsoft Office 2010 Beta - Communicator SIP Denial of Service
Microsoft Office 2010 Beta - Communicator SIP Denial of Service
---
| # Title : Microsoft Office ( 2010 beta ) Communicator SIP denial of service Exploit
| # Author : indoushka
| # email : [email protected]
| # Home : www.iqs3cur1ty.com/vb
| # Tested on: windows SP2
| # Bug : Denial of service Exploit
====================== Exploit By indoushka =================================
# Exploit :
#!usr/bin/perl
#######################################################################################################################
# Microsoft Office 2010 Communicator allows remote attack to cause a denial of service (memory consumption) via #
# a large number of SIP INVITE requests. #
############################################################################################################
Exploit-DB
Microsoft Office - Communicator 'SIP' Remote Denial of Service
exploitdb·2008-11-28·CVSS 5.3
CVE-2008-5180 [MEDIUM] Microsoft Office - Communicator 'SIP' Remote Denial of Service
Microsoft Office - Communicator 'SIP' Remote Denial of Service
---
#!usr/bin/perl -w
################################################################################################################
# Microsoft Communicator allows remote attackers to cause a denial of service (memory consumption) via
# a large number of SIP INVITE requests, which trigger the creation of many sessions.
#
# Refer:
# http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5180
# http://xforce.iss.net/xforce/xfdb/46673
#
#
# To run this exploit on MS Windows replace "#!usr/bin/perl -w" with "#!Installation_path_for_perl -w"
# (say #!C:/Program Files/Perl/bin/perl -w)
#
# This was strictly written for educational purpose. Use it at your own risk.
# Author will not bare any responsibility for any damages wats
No writeups or analysis indexed.
CWE
Uncontrolled Resource Consumption
mitre_cwe
CWE-400 Uncontrolled Resource Consumption
CWE-400: Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.
Modes of Introduction:
Phase: Operation
Note: The product could be operated in a system or environment with lower resource limits than expected, which might make it easier for attackers to consume all available resources.
Phase: System Configuration
Note: The product could be configured with lower resource limits than expected, which might make it easier for attackers to consume all available resources.
Phase: Architecture and Design
Note: The designer might not consider how to handle and throttle excessive resource requests, which typically requires careful planning to handle more gracefully than a crash or exit.
Phase: Implementation
Note: There are at
CWE
Allocation of Resources Without Limits or Throttling
mitre_cwe
CWE-770 Allocation of Resources Without Limits or Throttling
CWE-770: Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
Modes of Introduction:
Phase: Architecture and Design
Note: OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase.
Phase: Implementation
Phase: Operation
Phase: System Configuration
Common Consequences:
Scope: Availability. Impact: DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory), DoS: Resource Consumption (Other). When allocating resources without limits, an attacker could prevent other systems, applications, or processes from accessing the same type of resource. It can be
http://secunia.com/advisories/32940http://www.exploit-db.com/exploits/12079http://www.securityfocus.com/bid/39221http://www.securitytracker.com/id?1021294http://www.voipshield.com/research-details.php?id=133https://exchange.xforce.ibmcloud.com/vulnerabilities/46673https://exchange.xforce.ibmcloud.com/vulnerabilities/57581https://www.exploit-db.com/exploits/7262http://secunia.com/advisories/32940http://www.exploit-db.com/exploits/12079http://www.securityfocus.com/bid/39221http://www.securitytracker.com/id?1021294http://www.voipshield.com/research-details.php?id=133https://exchange.xforce.ibmcloud.com/vulnerabilities/46673https://exchange.xforce.ibmcloud.com/vulnerabilities/57581https://www.exploit-db.com/exploits/7262
2008-11-20
Published