Vulnerability in Black ICE Defender
Source: SNP
Some interesting discussions are going on concerning BlackIce Defender and its vulnerability to a remote attack that sends it into a 'Blue Screen of Death'. The report goes on to say:
This issue has been replicated when either sending or receiving 10,000-byte
ping packets when running Black Ice Defender, latest version (2.9.cap). In
both cases, a kernel-mode exception was triggered, causing a BSOD. The
circumstances differ depending on whether the machine was sending or
receiving the packets.
When the sender of the flood is running BID, the machine quickly suffers a
BSOD, exception 0x1E, in blackdrv.sys. Exception 0x1E occurs when a
kernel-mode exception is not handled, indicating poor coding practice or
insufficient testing within a kernel-mode driver.
When a machine running BID is the recipient of the flood, a different
kernel-mode exception is seen, again in blackd.sys. STOP 0xD1 indicates
that a driver has tried to access pageable or non-existent memory while the
process IRQL was high. In at least one instance, the fault was generated by
an attempted write to address 0x0 - a common error when coding in C++.