#############################################################
#############################################################
#############################################################
Flooding an UNIStim IP Softphone on the RTCP Port with garbage immediately results in a Microsoft
Windows error message which is mostly caused by
memory corruption (buffer overflow).
This vulnerability may be exploitable to gain user privileges on the client workstation and execute
malicious commands or code.
Nortel has noted this as:
Title: UNIStim IP Softphone - Potential Vulnerability Due to Buffer Overflow
Number: 2007008382
http://support.nortel.com/go/main.jsp?cscat=SECUREADVISORY
IP Softphone 2050
June 2007: Vulnerability found
June 2007: Nortel Security notified
October 2007: Nortel Advisory available
October 2007: Compass Security Information
According to Nortel the vulnerability is still under investigation.
The Nortel advisory will be reissued if the investigation results in new prevention information.
Reference:
http://www.csnc.ch/static/advisory/secadvisorylist.html