Check Point Advisories

How To Protect Against Instant Messaging Vulnerabilities: Blocking Google Talk

Check Point Reference: SBP-2006-02
Date Published: 26 Mar 2006
Severity: High
Last Updated: Tuesday 08 May, 2007
Source: SmartDefense Research Center
Industry Reference:CVE-2005-3899
CVE-2005-3678
Protection Provided by:
Who is Vulnerable? Microsoft Windows operating systems
Vulnerability Description Google Talk is an application used to call or send instant messages for Microsoft Windows operating systems. Instant messaging applications may risk an organization's security in the following ways:

1. Vulnerabilities in IM applications could be exploited to compromise a user's system (i.e MSN Messenger PNG image processing).  
2. An important capability of IM is file transfer that could be exploited by worms to infect a user's system.
3. Using voice data along with file transfers may result in excessive bandwidth utilization.

SmartDefense allows you to block Google Talk on standard and non-standard ports as well as to block its Web interface.

Vulnerability DetailsSmartDefense allows you to block Google Talk in the following ways:

1. Blocking Google Talk on its default ports 5222/tcp and 5223/tcp.
2. Blocking Google Talk connections generated by non-Google Talk clients on ports SSL/443 and HTTP/8080.
3. Blocking Google Talk via the Web version of Google Talk. This interface allows a user to use Google Talk without installing the IM client on his system.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK