Daily cyber threats and internet security news: network security, online safety and latest security alerts
November 17th, 2008

Severe VoIP Vulnerabilities In Microsoft Communicator

Researchers at VoIPshield Labs have reported a wide range of denial-of-service vulnerabilities in Microsoft Communicator, the unified communications that features business-grade instant messaging, voice, and video tools.

The flaws, rated “high severity,” could cripple VoIP-powered communications on Office Communications Server 2007, Office Communicator and Windows Live Messenger.

The vulnerabilities include:

Microsoft Communicator Emoticon: By issuing instant messages to a client which contain a very large number of emoticons it is possible to cause the Microsoft Communicator to become nonresponsive for a certain period of time. During this period of time the phone does not respond to incoming invite messages and can even be forced to go into an offline state, eventually requiring the phone to reregister.

Microsoft Communicator INVITE Flood: Due to the manner in which sessions and authentication are managed it is possible to cause Microsoft Communicator to open a very large number of sessions resulting in the consumption of huge amounts of memory, potentially resulting in a Denial of Service.

Microsoft Communicator Real-time Transport Control Protocol Report Block: Using a specially crafted RTCP receiver report packet it is possible cause a Denial of Service (DoS) against Microsoft Communicator, Office Communications Server (OCS) and Windows Live Messenger.

The company said Microsoft has acknowledged the issues.

Share this item with others:

More on CyberInsecure:
  • New Sniffer Can Attack VoIP Users
  • Two Severe Flaws In Opera Browser
  • 7 Vulnerabilities, Some Are Extremely Severe, Patched In New Opera 9.52
  • Critical Flaws Patched In Opera 9.61, New Zero-day Vulnerability Remains Unpatched
  • Microsoft’s Report Shows Vista More Secure Than XP

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Severe VoIP Vulnerabilities In Microsoft Communicator

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.