CVE-2009-2918

Name of the Vulnerable Software and Affected Versions: TheGreenBow IPSec VPN Client version 4.61.003

Description: The issue allows local users to cause a denial of service, resulting in a system crash due to a NULL pointer dereference. This can be achieved by sending a crafted request to the "0x80000034" IOCTL, possibly involving an input or output buffer size of 0.

Recommendations: For TheGreenBow IPSec VPN Client version 4.61.003, consider disabling the tgbvpn.sys driver as a temporary workaround until a patch is available. Restrict access to the IOCTL "0x80000034" to minimize the risk of exploitation. Avoid using input or output buffer sizes of 0 in the affected IOCTL until the issue is resolved.