CVE-2004-1109 | Vulnerability Database | Aqua Security

The FWDRV.SYS driver in Kerio Personal Firewall 4.1.1 and earlier allows remote attackers to cause a denial of service (CPU consumption and system freeze from infinite loop) via a (1) TCP, (2) UDP, or (3) ICMP packet with a zero length IP Option field.

Affected Software

Name	Vendor	Start Version	End Version
Personal_firewall	Kerio	4.0.6 (including)	4.0.6 (including)
Personal_firewall	Kerio	4.0.7 (including)	4.0.7 (including)
Personal_firewall	Kerio	4.0.8 (including)	4.0.8 (including)
Personal_firewall	Kerio	4.0.9 (including)	4.0.9 (including)
Personal_firewall	Kerio	4.0.10 (including)	4.0.10 (including)
Personal_firewall	Kerio	4.0.16 (including)	4.0.16 (including)
Personal_firewall	Kerio	4.1 (including)	4.1 (including)
Personal_firewall	Kerio	4.1.1 (including)	4.1.1 (including)

References

http://www.eeye.com/html/research/advisories/AD20041109.html
http://www.kerio.com/security_advisory.html
http://www.securityfocus.com/bid/11639
https://exchange.xforce.ibmcloud.com/vulnerabilities/17992

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-1109
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html