/>
X
Innovation

VoIP vulnerabilities in Microsoft Communicator

Researchers at VoIPshield Labs have pinpointed a wide range of denial-of-service vulnerabilities in Microsoft Communicator, the unified communications that features business-grade instant messaging , voice, and video tools.The flaws, rated "high severity," could cripple VoIP-powered communications on Office Communications Server 2007, Office Communicator and Windows Live Messenger.
Written by Ryan Naraine, Contributor on

Researchers at VoIPshield Labs have pinpointed a wide range of denial-of-service vulnerabilities in Microsoft Communicator, the unified communications that features business-grade instant messaging , voice, and video tools.

The flaws, rated "high severity," could cripple VoIP-powered communications on Office Communications Server 2007, Office Communicator and Windows Live Messenger.

The skinny:

  • Microsoft Communicator Emoticon:  By issuing instant messages to a client which contain a very large number of emoticons it is possible to cause the Microsoft Communicator to become nonresponsive for a certain period of time. During this period of time the phone does not respond to incoming invite messages and can even be forced to go into an offline state, eventually requiring the phone to reregister.
  • Microsoft Communicator INVITE Flood: Due to the manner in which sessions and authentication are managed it is possible to cause Microsoft Communicator to open a very large number of sessions resulting in the consumption of huge amounts of memory, potentially resulting in a Denial of Service.
  • Microsoft Communicator Real-time Transport Control Protocol Report Block: Using a specially crafted RTCP receiver report packet it is possible cause a Denial of Service (DoS) against Microsoft Communicator, Office Communications Server (OCS) and Windows Live Messenger.

The company said Microsoft has acknowledged the issues.

Editorial standards

Related

The 16 best Cyber Monday deals under $30 still available
Amazon Fire TV Stick 4K

The 16 best Cyber Monday deals under $30 still available

Epson is going to stop selling laser printers. Here's why
piles-of-paper.jpg

Epson is going to stop selling laser printers. Here's why

These file types are the ones most commonly used by hackers to hide their malware
getty-a-woman-looking-at-a-laptop-with-a-concerned-expression.jpg

These file types are the ones most commonly used by hackers to hide their malware