mailing list archives
TrendMicro OfficeScan tmlisten.exe DoS
From: JStevens () UMEME MAINE EDU (Jeff Stevens)
Date: Fri, 25 Feb 2000 17:10:17 -0500
While playing around with nmap I managed to pull down a bunch of our NT
workstations running OfficeScan. This could potentially be used as a DoS
attack to bring down any NT machine running OfficeScan. I used the
following command where machine.domain.com is a Windows NT machine running
either SP 4 or 5 or a Win2k RC3 box.
nmap -sT -O -p 12345 machine.domain.com
One of three things can happen:
(1) Nothing -- rare but it does happen.
(2) The machine slows to a halt as tmlisten.exe pulls 100% CPU.
(3) Visual C++ error as tmlisten.exe crashes.
OfficeScan 3.5, scan engine 5.100 and pattern file 663 are running on the
target machine. (all current)
I can also make the process dump with a Visual C++ error if I send a bunch
of data via telnet.
Upon contacting Trend via phone, they said they were aware of a similar
problem with earlier versions but version 3.5 has been fixed. They are
looking into it.
Curious if anyone else can recreate this? Or give me a set of addresses and
I'll see if I can! :^)
5711 Boardman Hall, Room 17
Orono, ME 04469
Re: Wordpad vulnerability, exploitable also in IE for Win9x Curtis Anderson, CNE, MCSE (Feb 25)
Troj_Trinoo and ZZ Simple Nomad (Feb 26)
DOS in TrendMicro OfficeScan Veille Technologique (Feb 28)
TrendMicro OfficeScan tmlisten.exe DoS Jeff Stevens (Feb 25)
Re: Troj_Trinoo and ZZ Simple Nomad (Feb 27)
Pragma Systems response to USSRLabs report Ussr Labs (Feb 23)
Re: Wordpad vulnerability, exploitable also in IE for Win9x Pauli Ojanpera (Feb 24)
Re: Wordpad vulnerability, exploitable also in IE for Win9x Charles Skoglund (Feb 24)
Re: Wordpad vulnerability, exploitable also in IE for Win9x Sanford Whiteman (Feb 24)
- Re: Zonealarm exports sensitive data, (continued)