VOIP, Video-Conferencing Apps Face Security Risk
Certain vendor implementations of the H.323 protocol could open multimedia applications to denial-of-service attacks and buffer overflows, U.K. security researchers reported on Tuesday.Multimedia applications such as voice over IP telephony and video conferencing could be vulnerable to security breaches because of flaws in the way a major telephony standard is being used. Some vendors implementations of the H.323 protocol, an International Telecommunications Union standard for communication among telephony and multimedia devices, are vulnerable to denial of service attacks and, to a lesser extent, the execution of code and system takeovers through buffer overflows, according to an advisory issued Tuesday by the United Kingdoms National Infrastructure Security Co-Ordination Centre (NISCC). Microsoft Corp. and Cisco Systems Inc. were the only vendors to issue patches and advisories as of Tuesday afternoon, even though products from several other vendors also could be at risk.
As part of a series of security bulletins it issued on Tuesday, Microsoft released one rated "critical" for its Internet Security and Acceleration Server 2000 software, pointing to a flaw in the H.323 filter that could allow an attacker, through a buffer overflow, to take over control of the system.