CVE-2000-0204: The Trend Micro OfficeScan client allows remote attackers to cause a denial of service by making 5 c
The Trend Micro OfficeScan client allows remote attackers to cause a denial of service by making 5 connections to port 12345, which raises CPU utilization to 100%.
AI Analysis
Technical Summary
CVE-2000-0204 is a vulnerability found in Trend Micro OfficeScan client version 3.5, a widely used endpoint security solution. The flaw allows remote attackers to cause a denial of service (DoS) condition by establishing five connections to the client’s TCP port 12345. This action drives CPU utilization to 100%, leaving the client machine unresponsive or severely degraded in performance. The vulnerability requires neither authentication nor user interaction, so it is remotely exploitable over the network. The attack vector is network-based (AV:N), attack complexity is low (AC:L), no authentication is required (Au:N), and the impact is limited to availability (A:P), with no loss of confidentiality or integrity. Although the vulnerability is old (published in 2000), it remains relevant for legacy systems still running this version of OfficeScan. A patch is available from Trend Micro to remediate this issue and should be applied promptly to prevent exploitation. No known exploits have been reported in the wild, but the simplicity of the attack makes it a potential risk if unpatched systems are exposed to untrusted networks.
Potential Impact
For European organizations, this vulnerability poses a risk primarily to the availability of endpoint security infrastructure. If exploited, it could cause critical security clients to become unresponsive, potentially disabling malware detection and response capabilities on affected endpoints. This could open a window for further attacks or malware infections. Organizations relying on Trend Micro OfficeScan 3.5 in legacy environments, especially those with remote or distributed workforces, may experience operational disruptions. The denial of service could also affect compliance with security policies and regulations that mandate continuous endpoint protection. While the vulnerability does not directly compromise data confidentiality or integrity, the resulting service disruption can indirectly increase risk exposure. Given the age of the vulnerability, modern deployments are unlikely to be affected, but legacy systems in sectors such as manufacturing, critical infrastructure, or government agencies may still be at risk.
Mitigation Recommendations
European organizations should immediately verify whether any endpoints are running Trend Micro OfficeScan version 3.5. If so, they must apply the official patch provided by Trend Micro (http://www.antivirus.com/download/ofce_patch_35.htm) to remediate the vulnerability. Network-level controls, such as firewalls or intrusion prevention systems, should restrict access to TCP port 12345 from untrusted or external networks. Monitoring network traffic for unusual connection attempts to this port can help detect potential exploitation attempts. Organizations should also consider upgrading to a supported and current version of Trend Micro OfficeScan or an alternative endpoint protection solution to eliminate legacy vulnerabilities. Regular vulnerability assessments and endpoint audits will help identify outdated software versions and reduce the attack surface. Finally, endpoint hardening and network segmentation can limit the impact of any denial of service attempts.
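The monitoring recommendation above can be expressed as a small detection rule. The following is an added example, not part of the original advisory or any Trend Micro tooling: it flags any source that opens five or more accepted connections to TCP port 12345 on one host inside a sliding window. The log layout, the 60-second window and all addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

OFFICESCAN_PORT = 12345          # client port named in the advisory
THRESHOLD = 5                    # connection count named in the advisory
WINDOW = timedelta(seconds=60)   # assumption: tune to your environment

# Assumed log layout (constructed for this example, not a vendor format).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) TCP "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)

# Constructed sample: one burst, one slow client, one drop, one other port.
SAMPLE_LOG = """\
2025-07-01T10:00:00 ACCEPT TCP src=10.1.1.7 dst=10.2.0.20 dport=12345
2025-07-01T10:00:01 ACCEPT TCP src=10.1.1.7 dst=10.2.0.20 dport=12345
2025-07-01T10:00:01 ACCEPT TCP src=10.1.1.9 dst=10.2.0.21 dport=12345
2025-07-01T10:00:02 ACCEPT TCP src=10.1.1.7 dst=10.2.0.20 dport=12345
2025-07-01T10:00:02 DROP TCP src=10.1.1.8 dst=10.2.0.20 dport=12345
2025-07-01T10:00:03 ACCEPT TCP src=10.1.1.7 dst=10.2.0.20 dport=12345
2025-07-01T10:00:04 ACCEPT TCP src=10.1.1.7 dst=10.2.0.20 dport=12345
2025-07-01T10:05:00 ACCEPT TCP src=10.1.1.9 dst=10.2.0.21 dport=12345
2025-07-01T10:05:30 ACCEPT TCP src=10.1.1.7 dst=10.2.0.22 dport=443
"""

def find_bursts(lines, port=OFFICESCAN_PORT, threshold=THRESHOLD, window=WINDOW):
    """Return one alert per (src, dst) pair that reaches `threshold` accepted
    connections to `port` within `window`. Lines must be in time order."""
    recent = defaultdict(deque)   # (src, dst) -> timestamps still in window
    alerted, alerts = set(), []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["action"] != "ACCEPT" or int(m["dport"]) != port:
            continue              # malformed, blocked, or unrelated traffic
        ts = datetime.fromisoformat(m["ts"])
        key = (m["src"], m["dst"])
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # expire entries older than the window
            q.popleft()
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"src": key[0], "dst": key[1],
                           "first": q[0], "last": ts, "count": len(q)})
    return alerts

if __name__ == "__main__":
    for alert in find_bursts(SAMPLE_LOG.splitlines()):
        print(alert)
```

Blocked (DROP) attempts are skipped here because they never reach the client; counting them separately is a useful signal that the port restriction is being probed.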
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland
Threat ID: 682ca32db6fd31d6ed7df899
Added to database: 5/20/2025, 3:43:41 PM
Last enriched: 7/1/2025, 1:26:09 AM
Last updated: 7/26/2025, 8:21:41 AM