CVE-2012-3793

Pro-face Pro-server EX < 1.30.000 - Memory Corruption

Title source: rule

Description

Integer overflow in Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (daemon crash) via a crafted packet with a certain opcode that triggers an incorrect memory allocation and a buffer overflow.

Exploits (1)

exploitdb WRITEUP

doswindows

https://www.exploit-db.com/exploits/18878

View Code ZIP pw:eip

References (7)

[Exploit] http://aluigi.org/adv/proservrex_1-adv.txt

[Various Sources] http://ics-cert.us-cert.gov/advisories/ICSA-12-179-01

[Various Sources] https://www.hmisource.com/otasuke/download/update/server_ex/server_ex/Readme_E.txt

[Vendor Advisory] https://www.hmisource.com/otasuke/news/2012/0606.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/53499

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/75547

[Third Party Advisory] http://secunia.com/advisories/49172

Scores

EPSS 0.1301

EPSS Percentile 94.1%

Details

CWE

CWE-119

Status published

Products (5)

pro-face/pro-server_ex 1.21.000

pro-face/pro-server_ex 1.23.000

pro-face/pro-server_ex 1.24.200

pro-face/pro-server_ex < 1.30.000

pro-face/wingp_pc_runtime < 3.1.00

Published Jun 25, 2012

Tracked Since Feb 18, 2026