CVE-2008-5180

MEDIUM

Microsoft Office Communicator - Denial of Service via SIP INVITE Request Flood

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-5180. PoCs published by Praveen Darshanam, indoushka.

AI-analyzed exploit summary This Perl script exploits CVE-2008-5180 by flooding a Microsoft Communicator server with SIP INVITE requests, causing a denial of service (DoS) due to excessive memory consumption. It uses UDP (or TCP) to send malformed SIP packets in an infinite loop.

Description

Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Praveen Darshanam · perldoswindows
https://www.exploit-db.com/exploits/7262

This Perl script exploits CVE-2008-5180 by flooding a Microsoft Communicator server with SIP INVITE requests, causing a denial of service (DoS) due to excessive memory consumption. It uses UDP (or TCP) to send malformed SIP packets in an infinite loop.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Microsoft Communicator (SIP implementation)
No auth needed
Prerequisites: Network access to the target SIP server · Perl environment
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
by indoushka · perldoswindows
https://www.exploit-db.com/exploits/12079

This Perl script exploits CVE-2008-5180 by sending a continuous stream of SIP INVITE requests to a target server, causing a denial of service (DoS) via memory consumption. It uses UDP (or TCP) to flood the target with malformed SIP traffic.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Microsoft Office Communicator (2010 beta)
No auth needed
Prerequisites: Network access to the target server · UDP/TCP port accessibility
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7262
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/39221
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46673
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1021294
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/12079
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/57581
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32940

Scores

CVSS v3 5.3
EPSS 0.6798
EPSS Percentile 99.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-770
Status published
Products (1)
microsoft/office_communicator
Published Nov 20, 2008
Tracked Since Feb 18, 2026