Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions.

Threat-Mapped Scoring

Score: 1.5

Priority: P4 - Informational (Low)

• S10 – Denial of Service

EPSS

Score: 0.85274
Percentile: 0.99306

CVSS Scoring

Mapped CWE(s)

• CWE-770 : Allocation of Resources Without Limits or Throttling

All CAPEC(s)

CAPEC(s) with Mapped TTPs

Mapped ATT&CK TTPs

• T1498.001 : Direct Network Flood
  Kill Chain: impact
• T1499 : Endpoint Denial of Service
  Kill Chain: impact
• T1499.003 : Application Exhaustion Flood
  Kill Chain: impact
• T1499.002 : Service Exhaustion Flood
  Kill Chain: impact
• T1498.001 : Direct Network Flood
  Kill Chain: impact
• T1499.001 : OS Exhaustion Flood
  Kill Chain: impact
• T1499.002 : Service Exhaustion Flood
  Kill Chain: impact
• T1499.002 : Service Exhaustion Flood
  Kill Chain: impact
• T1499.002 : Service Exhaustion Flood
  Kill Chain: impact
• T1498.002 : Reflection Amplification
  Kill Chain: impact
• T1499.002 : Service Exhaustion Flood
  Kill Chain: impact
• T1498.001 : Direct Network Flood
  Kill Chain: impact

Malware

APTs Threat Group Associations

Campaigns

Affected Products

• cpe:2.3:a:microsoft:office_communicator:*:*:*:*:*:*:*:*

← Back to Home