CVE-2006-0189

eStara Softphone 3.0.1.14-3.0.1.46 - Remote Code Execution via Long SDP Attribute Field

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-0189. PoCs published by kokanin, ZwelL.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in Estara Softphone 3.0.1.2 via a maliciously crafted SIP INVITE message. It delivers a bind shell on TCP port 5060 using encoded shellcode.

Description

Buffer overflow in eStara Softphone 3.0.1.14 through 3.0.1.46 allows remote attackers to execute arbitrary code via a long attribute (aka "a") field in the SDP data of a SIP packet on UDP port 5060.

Exploits (2)

exploitdb WORKING POC VERIFIED
by kokanin · perlremotewindows
https://www.exploit-db.com/exploits/1414

This exploit targets a buffer overflow vulnerability in Estara Softphone 3.0.1.2 via a maliciously crafted SIP INVITE message. It delivers a bind shell on TCP port 5060 using encoded shellcode.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Estara Softphone 3.0.1.2
No auth needed
Prerequisites: Network access to UDP port 5060 on the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by ZwelL · cremotewindows
https://www.exploit-db.com/exploits/1413

This exploit targets a buffer overflow vulnerability in eStara Softphone by sending a maliciously crafted SIP INVITE packet via UDP to port 5060. The overflow is triggered by an excessively long 'a=' field, leading to arbitrary code execution or a denial-of-service condition.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: eStara Softphone 3.0.1.14 and 3.0.1.46
No auth needed
Prerequisites: Network access to the target's UDP port 5060 · Target running vulnerable eStara Softphone
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/22348
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0167
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18410
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/421596/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/24090
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/16213
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1015481

Scores

EPSS 0.1551
EPSS Percentile 96.4%

Details

Status published
Products (2)
estara/softphone 3.0.1.14
estara/softphone 3.0.1.46
Published Jan 13, 2006
Tracked Since Feb 18, 2026