Highly Critical! VOIP Vulnerability!

eCentrex software affected

By Alexandru Dumitru, Security News Editor

24th of August 2007, 08:37 GMT

This is quite serious. Such a flaw can be used by hackers to compromise a user's system. I advise you to fix the program's bug first, before using it again. If you fail to do so - it's your risk!

I've gotten this info from the Secunia website. They have all sorts of useful information on program vulnerabilities. So, a flaw has been disclosed in the eCentrex VOIP Client Component ActiveX; and here comes the techie part: it is due to a boundary error within the eCentrex SIP UA Com Module (e800) (euacom.dll) when handling an overly long argument passed to the "ReInit()" method of the eCentrex VOIP Client Component ActiveX control (uacomx.ocx). This can be exploited to cause a stack-based buffer overflow and allows execution of arbitrary code. Also, as I've seen on the same site, this vulnerability is confirmed in eCentrex VOIP Client Component version 2.0.1.0 in combination with the eCentrex SIP UA Com Module (e800) version 2.1.1.1. The flaw may not be limited to these versions.

The vendor has released no patch yet, but a solution would be to set the kill-bit for the affected ActiveX control. If you are not very tech-savvy but you nevertheless wish to fix this problem, get someone who knows what he's doing, because you don't want to screw this up even more! The vulnerability has been ranked as highly critical by Secunia experts, so do take care, as you have been warned!
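
The kill-bit workaround mentioned above, as an added PowerShell example (not code from the advisory, Secunia or eCentrex): it sets the kill-bit flag (0x400) in the control's "Compatibility Flags" registry value, keeps any flags already stored there, and reads the value back to confirm it. The article does not give the CLSID of uacomx.ocx, so the CLSID in the usage comment is a placeholder, and the function name `Set-ActiveXKillBit` is hypothetical.

```powershell
# Added example, not from the advisory or the vendor. Run from an elevated prompt.
$KillBit = 0x00000400   # bit in "Compatibility Flags" that blocks instantiation in IE

function Set-ActiveXKillBit {
    param(
        [Parameter(Mandatory = $true)]
        [ValidatePattern('^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')]
        [string]$Clsid
    )
    $name  = 'Compatibility Flags'
    # Native registry view, plus the 32-bit view read by 32-bit IE on 64-bit Windows.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }      # no Wow6432Node view on 32-bit Windows
        $key = Join-Path $root $Clsid
        if (-not (Test-Path $key)) { New-Item -Path $key | Out-Null }

        # Keep any flags already stored for this control and OR in the kill-bit.
        $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
        if ($null -eq $current) { $current = 0 }
        New-ItemProperty -Path $key -Name $name -PropertyType DWord `
            -Value ($current -bor $KillBit) -Force | Out-Null

        # Read the value back so the result reflects what is actually in the registry.
        $stored = (Get-ItemProperty -Path $key -Name $name).$name
        [pscustomobject]@{
            Key        = $key
            Flags      = '0x{0:X8}' -f $stored
            KillBitSet = (($stored -band $KillBit) -ne 0)
        }
    }
}

# Usage: substitute the real CLSID of the control (placeholder shown).
# Set-ActiveXKillBit -Clsid '{00000000-0000-0000-0000-000000000000}'
```

The function returns one object per registry view it wrote to; `KillBitSet` should be `True` for each before the control is considered blocked.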

If you do know what you are doing, then you can click on this link to see what the original advisory has to say about the remote buffer overflow exploit. Also, you may want to get some support from the ones that have initially developed the product, eCentrex, that is, so here is a link to their official website, from where you can get their contact info.

© Copyright 2001-2008 Softpedia