vendor:
ZoIPer
by:
Tomer Bitton (Gr33n_G0bL1n)
N/A
CVSS
HIGH
Remote Crash
CWE
Product Name: ZoIPer
Affected Version From: 2.22
Affected Version To: 2.24
Patch Exists: YES
Related CWE:
CPE:
Platforms Tested: Windows XP SP2, SP3, Ubuntu 8.10
2009
ZoIPer v2.22 Call-Info Remote Denial Of Service
This is a proof of concept for a remote denial of service vulnerability in ZoIPer v2.22. The vulnerability allows an attacker to send a malicious packet to the target that will cause the ZoIPer application to crash. The exploit code is provided in the script.
Mitigation:
The vendor has released a fix in version 2.24 Library 5324. Users should update to the latest version to mitigate this vulnerability.