Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0738


Vulnerability Score 5.0 5.0
CVE Id CVE-2006-0738
Last Modified 07 Mar 2011 09:30:43
Published 16 Feb 2006 08:02:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Multiple format string vulnerabilities in eStara SIP softphone allow remote attackers to cause a denial of service (hang) via SIP INVITE requests with format string specifiers in the SDP session description, as demonstrated using (1) the field name, (2) the o field (owner/creator and session identifier), or (3) the m field (media name and transport address).

Vulnerable Systems


  • Estara Softphone


VUPEN - ADV-2006-0607

BUGTRAQ - 20060214 eStara SIP softphone several message-processing vulnerabilities

SECUNIA - 18872

XF - estara-sdp-format-string(24678)

BID - 16629

Last Updated: 27 May 2016 10:41:46