The SMB Mailslot parsing functionality in PAM in multiple ISS products with XPU (24.39/1.78/epj/x.x.x.1780), including Proventia A, G, M, Server, and Desktop, BlackICE PC and Server Protection 3.6, and RealSecure 7.0, allows remote attackers to cause a denial of service (infinite loop) via a crafted SMB packet that is not properly handled by the SMB_Mailslot_Heap_Overflow decode.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Blackice_pc_protection | Iss | 3.6cpk (including) | 3.6cpk (including) |
| Blackice_server_protection | Iss | 3.6cpk (including) | 3.6cpk (including) |
| Proventia_desktop | Iss | 8.0.675.1790 (including) | 8.0.675.1790 (including) |
| Proventia_desktop | Iss | 8.0.812.1790 (including) | 8.0.812.1790 (including) |
| Realsecure_desktop | Iss | 7.0epk (including) | 7.0epk (including) |
| Realsecure_network | Iss | 7.0 (including) | 7.0 (including) |
| Realsecure_server_sensor | Iss | 7.0 (including) | 7.0 (including) |