Don't know if this has already been mention or not but....

From Symantec

ISS BlackICE ping flood buffer overflow allows code execution
Risk
MEDIUM

Date Discovered
02-04-2002

Description
Symantec is aware of a remote access buffer overflow condition existing in versions of ISS BlackICE and RealSecure firewall/IDS products that can potentially allow a remote attacker to execute arbitrary code with kernel-level access on targeted systems.

Versions of ISS's BlackICE and RealSecure products running on Microsoft Windows 2000 and XP platforms allow a remote attacker to send a modified ping flood of fragmented ICMP echo request packets that can crash the targeted system upon which the firewall/IDS product resides or, if the packets are carefully crafted, allow the remote attacker to run arbitrary code with kernel-level privileges.

While the risk to corporate systems may be limited since most corporate networks deny all ICMP packets from external addresses, small business and cable modem users could be at a high risk of system compromise since they would not normally be using additional perimeter firewalls as a part of a multi-layered network defense.

There are no known publicly released exploits for this vulnerability at the time of this posting. This vulnerability was originally discovered by Matt Taylor.

Platform(s) Affected
Windows
For more info:

Symantec