CVE-2012-3794

Pro-face Pro-server EX < 1.30.000 - Memory Corruption

Title source: rule

Description

Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (unhandled exception and daemon crash) via a crafted packet with a certain opcode that triggers an invalid attempt to allocate a large amount of memory.

Exploits (1)

exploitdb WRITEUP

doswindows

https://www.exploit-db.com/exploits/18878

View Code ZIP pw:eip

References (7)

[Exploit] http://aluigi.org/adv/proservrex_1-adv.txt

[Various Sources] http://ics-cert.us-cert.gov/advisories/ICSA-12-179-01

[Various Sources] https://www.hmisource.com/otasuke/download/update/server_ex/server_ex/Readme_E.txt

[Vendor Advisory] https://www.hmisource.com/otasuke/news/2012/0606.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/53499

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/75551

[Third Party Advisory] http://secunia.com/advisories/49172

Scores

EPSS 0.2507

EPSS Percentile 96.2%

Details

CWE

CWE-119

Status published

Products (5)

pro-face/pro-server_ex 1.21.000

pro-face/pro-server_ex 1.23.000

pro-face/pro-server_ex 1.24.200

pro-face/pro-server_ex < 1.30.000

pro-face/wingp_pc_runtime < 3.1.00

Published Jun 25, 2012

Tracked Since Feb 18, 2026