Vulnerability CVE-2012-3797
Published: 2012-06-25

Description:
Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, does not properly check packet sizes before reusing packet memory buffers, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a short crafted packet with a certain opcode.

Type:

CWE-119

 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Pro-face -> Pro-server ex 
Pro-face -> Wingp pc runtime 

 References:
https://www.hmisource.com/otasuke/news/2012/0606.html
https://www.hmisource.com/otasuke/download/update/server_ex/server_ex/Readme_E.txt
http://aluigi.org/adv/proservrex_1-adv.txt
Copyright 2024, cxsecurity.com

 

Back to Top