CVE-2006-0738

eStara Softphone < 3.0.1.47 - Denial of Service via SIP INVITE SDP Format String Specifiers

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0738. PoCs published by ZwelL.

AI-analyzed exploit summary This exploit demonstrates a denial-of-service vulnerability in eStara Smartphone by sending malformed VOIP headers with format string specifiers (%s%x%n) in the SDP content. The malformed INVITE requests cause the device to crash when processing the headers.

Description

Multiple format string vulnerabilities in eStara SIP softphone allow remote attackers to cause a denial of service (hang) via SIP INVITE requests with format string specifiers in the SDP session description, as demonstrated using (1) the field name, (2) the o field (owner/creator and session identifier), or (3) the m field (media name and transport address).

Exploits (1)

exploitdb WORKING POC VERIFIED

by ZwelL · textdosmultiple

https://www.exploit-db.com/exploits/27210

View Code ZIP pw:eip

This exploit demonstrates a denial-of-service vulnerability in eStara Smartphone by sending malformed VOIP headers with format string specifiers (%s%x%n) in the SDP content. The malformed INVITE requests cause the device to crash when processing the headers.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: eStara Smartphone (version not specified)

No auth needed

Prerequisites: Network access to the target device · Ability to send SIP INVITE requests to the target

MITRE ATT&CK