ZoIPer < 2.24 Crafted SIP INVITE Request Remote DoS

Medium Nessus Plugin ID 48273


The remote Windows host contains an application that is susceptible to a denial of service attack.


According to its version, the instance of Zoiper, a VoIP software phone application, installed on the remote host may crash if it receives a specially crafted SIP packet.

An unauthenticated, remote attacker can leverage this issue to deny service to legitimate users.


Upgrade to version 2.24 or later as that reportedly addresses the issue.

Plugin Details

Severity: Medium

ID: 48273

File Name: zoiper_2_24.nasl

Version: $Revision: 1.6 $

Type: local

Agent: windows

Family: Windows

Published: 2010/08/09

Modified: 2015/01/12

Dependencies: 13855

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2009/10/14

Vulnerability Publication Date: 2009/10/14

Reference Information

CVE: CVE-2009-3704

BID: 42214

OSVDB: 59047

EDB-ID: 9987