Skip to main content

CVE-2000-0203: The Trend Micro OfficeScan client tmlisten.exe allows remote attackers to cause a denial of service

Medium
VulnerabilityCVE-2000-0203cve-2000-0203denial of service
Published: Mon Feb 28 2000 (02/28/2000, 05:00:00 UTC)
Source: NVD
Vendor/Project: trend_micro
Product: officescan

Description

The Trend Micro OfficeScan client tmlisten.exe allows remote attackers to cause a denial of service via malformed data to port 12345.

AI-Powered Analysis

AILast updated: 07/01/2025, 01:26:49 UTC

Technical Analysis

CVE-2000-0203 is a vulnerability found in the Trend Micro OfficeScan client version 3.5, specifically in the tmlisten.exe component. This executable listens on TCP port 12345 and is responsible for handling certain client communications. The vulnerability allows remote attackers to send malformed data packets to this port, which causes the tmlisten.exe process to crash, resulting in a denial of service (DoS) condition. The flaw does not require authentication or user interaction, and can be exploited remotely over the network. The impact is limited to availability, as the attack causes the OfficeScan client to stop functioning properly until it is restarted or the system is rebooted. No confidentiality or integrity impacts are reported. The vulnerability has a CVSS v2 base score of 5.0, indicating a medium severity level. A patch addressing this issue is available from Trend Micro, and it is recommended to apply it to affected systems to prevent exploitation. There are no known exploits in the wild reported for this vulnerability, likely due to its age and the availability of patches. However, unpatched legacy systems may still be vulnerable if exposed to untrusted networks.

Potential Impact

For European organizations, the primary impact of this vulnerability is the potential disruption of endpoint security services provided by Trend Micro OfficeScan clients. A successful DoS attack could disable antivirus and malware protection on affected endpoints, increasing the risk of further compromise by malware or other attacks. This could be particularly critical in sectors with high security requirements such as finance, healthcare, and critical infrastructure, where endpoint protection is essential for regulatory compliance and operational continuity. Additionally, disruption of security software could lead to gaps in threat detection and response, increasing the risk of data breaches or ransomware infections. Although the vulnerability itself does not lead directly to data loss or unauthorized access, the secondary effects of disabling endpoint protection could be significant. Organizations with remote or distributed workforces may be more exposed if client systems are reachable over the internet or unsecured networks.

Mitigation Recommendations

1. Apply the official patch provided by Trend Micro for OfficeScan version 3.5 immediately to all affected clients. The patch is available at http://www.antivirus.com/download/ofce_patch_35.htm. 2. Restrict network access to TCP port 12345 on client machines using firewall rules, allowing only trusted management servers or internal networks to communicate with the OfficeScan client. 3. Conduct network segmentation to isolate legacy systems running outdated OfficeScan versions from critical infrastructure and sensitive data environments. 4. Monitor network traffic for unusual or malformed packets targeting port 12345 to detect potential exploitation attempts. 5. Consider upgrading to a supported and actively maintained endpoint protection solution to avoid risks associated with legacy software vulnerabilities. 6. Implement endpoint detection and response (EDR) tools that can detect and alert on process crashes or abnormal behavior of security clients. 7. Educate IT staff about the risks of running unsupported software and the importance of timely patch management.

Need more detailed analysis?Get Pro

Threat ID: 682ca32db6fd31d6ed7df897

Added to database: 5/20/2025, 3:43:41 PM

Last enriched: 7/1/2025, 1:26:49 AM

Last updated: 7/29/2025, 5:32:29 AM

Views: 8

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats