I verified this vulnerability in BlackICE Defender 2.9.can as well. ---------- Original Message ---------------------------------- From: "Matt Taylor" <quisit@quest.net> Date: Sun, 3 Feb 2002 22:26:50 -0600 >The current version of BlackICE Defender (2.9.caq and 2.9.cap) running on a >Windows 2000 machine can be remotely crashed using a very basic ping flood. >This has been tested with Divine Intervention 2 & 3, Sisoft Sandra Network >(LAN) benchmark. >Setting the packet size to about 10,000 bytes causes a Blue Screen of Death >(or immediate system reboot). After extensive correspondence with ISS >support they basically told me they'd "look into it." They have not >responded since 12/21/01 and their newest patch 2.9.caq (released after) >does not address this issue. More details available if requested. > >Matt Taylor > >
