CVE-2004-1109

Kerio Personal Firewall - Denial of Service

Title source: rule

Description

The FWDRV.SYS driver in Kerio Personal Firewall 4.1.1 and earlier allows remote attackers to cause a denial of service (CPU consumption and system freeze from infinite loop) via a (1) TCP, (2) UDP, or (3) ICMP packet with a zero length IP Option field.

Exploits (1)

exploitdb WORKING POC VERIFIED

by houseofdabus · cdoswindows

https://www.exploit-db.com/exploits/626

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/17992

[Vendor Advisory] http://www.kerio.com/security_advisory.html

[Exploit, Patch, Vendor Advisory] http://www.securityfocus.com/bid/11639

[Various Sources] http://www.eeye.com/html/research/advisories/AD20041109.html

Scores

EPSS 0.0489

EPSS Percentile 89.6%

Details

Status published

Products (8)

kerio/personal_firewall 4.0.6

kerio/personal_firewall 4.0.7

kerio/personal_firewall 4.0.8

kerio/personal_firewall 4.0.9

kerio/personal_firewall 4.0.10

kerio/personal_firewall 4.0.16

kerio/personal_firewall 4.1

kerio/personal_firewall 4.1.1

Published Jan 10, 2005

Tracked Since Feb 18, 2026