CVE-2012-1008

OfficeSIP Server 3.1 - Denial of Service via Crafted SIP INVITE To Header

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-1008. PoCs published by SecPod Research.

AI-analyzed exploit summary This exploit targets a denial-of-service vulnerability in OfficeSIP Server 3.1 by sending a malformed SIP INVITE request with an invalid 'To' header. The server crashes upon processing the request, rendering the service unresponsive.

Description

OfficeSIP Server 3.1 allows remote attackers to cause a denial of service (daemon crash) via a crafted To header in a SIP INVITE message.

Exploits (1)

exploitdb WORKING POC VERIFIED

by SecPod Research · textdoswindows

https://www.exploit-db.com/exploits/18453

View Code ZIP pw:eip

This exploit targets a denial-of-service vulnerability in OfficeSIP Server 3.1 by sending a malformed SIP INVITE request with an invalid 'To' header. The server crashes upon processing the request, rendering the service unresponsive.

Classification

Working Poc 100%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: OfficeSIP Server 3.1

No auth needed

Prerequisites: Network access to the target server on port 5060/UDP

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Various Sources x_refsource_misc

http://secpod.org/blog/?p=461

Various Sources x_refsource_misc

http://secpod.org/advisories/SecPod_Exploit_OfficeSIP_Server_DOS_Vuln.txt

Exploit, Third Party Advisory exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/18453

Exploit x_refsource_misc

http://secpod.org/exploits/SecPod_Exploit_OfficeSIP_Server_DOS.py

Scores

EPSS 0.1031

EPSS Percentile 95.1%

Details

CWE

CWE-20

Status published

Products (1)

officesip/officesip_server 3.1

Published Feb 08, 2012

Tracked Since Feb 18, 2026