CVE-2008-5180
published 2008-11-20

Priority: P346 · medium · 5.3 · CVSS 3.1
AV:N · AC:L · PR:N · UI:N · S:U · C:N · I:N · A:L
EXPLOIT
EPSS: 67.98% (99.2th percentile)
Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions.

Detection & IOCs (extracted from sources)

url: sip:arpman.malicious.com
command: INVITE sip:arpman.malicious.com SIP/2.0 Via: SIP/2.0/UDP 172.16.16.4;branch=123-4567-900
  • Detect a flood of SIP INVITE requests targeting Microsoft Communicator; high-volume repeated INVITE messages to the same SIP URI from a single source are indicative of this DoS attack.
  • Monitor for SIP INVITE packets over UDP (default port 5060) containing the Via header value 'SIP/2.0/UDP 172.16.16.4;branch=123-4567-900' as a specific exploit signature from the published PoC.
  • Alert on rapid memory consumption growth in the Microsoft Communicator process coinciding with a spike in inbound SIP INVITE session creation.
  • The exploit sends packets in an infinite loop over UDP; detect continuous high-rate UDP flows to SIP port 5060 from a single source IP as a network-level indicator.
  • The exploit also supports TCP transport; defenders should monitor SIP INVITE floods on both UDP and TCP port 5060.
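
The rate and signature checks described in the bullets above, sketched as an added example (not code from the advisory or its sources). It assumes SIP payloads have already been captured as `(timestamp, source IP, transport, payload)` tuples; the thresholds, function names and sample traffic are constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_S, MAX_INVITES = 10.0, 20  # assumed thresholds, not from the page
POC_VIA = "SIP/2.0/UDP 172.16.16.4;branch=123-4567-900"  # Via value quoted above

def parse_sip(payload):
    """Return (method, request_uri, via) for a SIP request, else None."""
    lines = payload.replace("\r\n", "\n").split("\n")
    parts = lines[0].split()
    if len(parts) != 3 or not parts[2].startswith("SIP/"):
        return None  # responses ("SIP/2.0 200 OK") and junk are skipped
    via = ""
    for line in lines[1:]:
        if not line:
            break  # blank line ends the headers
        name, _, value = line.partition(":")
        if name.strip().lower() in ("via", "v"):  # "v" is the compact form
            via = value.strip()
            break
    return parts[0].upper(), parts[1], via

def detect(events):
    """events: time-ordered (ts, src_ip, transport, payload); returns alerts."""
    recent, flooding, sig_seen, alerts = defaultdict(deque), set(), set(), []
    for ts, src, transport, payload in events:
        parsed = parse_sip(payload)
        if parsed is None or parsed[0] != "INVITE":
            continue
        _, uri, via = parsed
        if via == POC_VIA and src not in sig_seen:
            sig_seen.add(src)
            alerts.append((ts, src, "poc-via-signature"))
        q = recent[(src, uri)]
        q.append(ts)
        while ts - q[0] > WINDOW_S:  # drop INVITEs that left the window
            q.popleft()
        if len(q) <= MAX_INVITES:
            flooding.discard((src, uri))
        elif (src, uri) not in flooding:
            flooding.add((src, uri))
            alerts.append((ts, src, "invite-flood/" + transport))
    return alerts

def sample_events():
    """Constructed traffic: one flooding source, one normal caller."""
    inv = "INVITE sip:user@example.test SIP/2.0\r\nVia: %s\r\n\r\n"
    flood = [(i * 0.1, "198.51.100.7", "udp", inv % POC_VIA) for i in range(30)]
    calm = [(i * 30.0, "192.0.2.10", "tcp", inv % "SIP/2.0/TCP 192.0.2.10") for i in range(3)]
    return sorted(flood + calm, key=lambda e: e[0])
```

The flood alert fires once per burst and re-arms when the source drops back under the threshold, so a sustained loop does not produce one alert per packet.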

CVSS provenance

nvd · v3.1 · 5.3 · MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
nvd · v2.0 · 5.0 · MEDIUM · AV:N/AC:L/Au:N/C:N/I:N/A:P