CVE-2012-3796

Pro-face Pro-server EX < 1.30.000 - Information Disclosure

Title source: rule

Description

Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to obtain sensitive information from daemon memory via a crafted packet with a certain opcode.

Exploits (1)

exploitdb WRITEUP

doswindows

https://www.exploit-db.com/exploits/18878

View Code ZIP pw:eip

References (6)

[Exploit] http://aluigi.org/adv/proservrex_1-adv.txt

[Various Sources] http://ics-cert.us-cert.gov/advisories/ICSA-12-179-01

[Various Sources] https://www.hmisource.com/otasuke/download/update/server_ex/server_ex/Readme_E.txt

[Vendor Advisory] https://www.hmisource.com/otasuke/news/2012/0606.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/53499

[Third Party Advisory] http://secunia.com/advisories/49172

Scores

EPSS 0.2091

EPSS Percentile 95.6%

Details

CWE

CWE-200

Status published

Products (5)

pro-face/pro-server_ex 1.21.000

pro-face/pro-server_ex 1.23.000

pro-face/pro-server_ex 1.24.200

pro-face/pro-server_ex < 1.30.000

pro-face/wingp_pc_runtime < 3.1.00

Published Jun 25, 2012

Tracked Since Feb 18, 2026