|Check Point Reference:||SBP-2006-02|
|Date Published:||26 Mar 2006|
|Last Updated:||8 May 2007|
|Source:||SmartDefense Research Center|
|Protection Provided by:|
|Who is Vulnerable?||Microsoft Windows operating systems|
|Vulnerability Description||Google Talk is an application used to call or send instant messages for Microsoft Windows operating systems. Instant messaging applications may risk an organization's security in the following ways:
1. Vulnerabilities in IM applications could be exploited to compromise a user's system (i.e MSN Messenger PNG image processing).
2. An important capability of IM is file transfer that could be exploited by worms to infect a user's system.
3. Using voice data along with file transfers may result in excessive bandwidth utilization.
SmartDefense allows you to block Google Talk on standard and non-standard ports as well as to block its Web interface.
|Vulnerability Details||SmartDefense allows you to block Google Talk in the following ways:|
1. Blocking Google Talk on its default ports 5222/tcp and 5223/tcp.
2. Blocking Google Talk connections generated by non-Google Talk clients on ports SSL/443 and HTTP/8080.
3. Blocking Google Talk via the Web version of Google Talk. This interface allows a user to use Google Talk without installing the IM client on his system.