CVE-2012-3797

Pro-face Pro-Server EX < 1.30.000 and WinGP PC Runtime < 3.1.00 - Heap Memory Corruption via Crafted Packet

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-3797. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary This is a detailed technical analysis of multiple vulnerabilities in Pro-face Pro-Server EX and WinGP PC Runtime, including memory corruption, integer overflow, and unhandled exceptions. The writeup provides disassembly snippets, root cause analysis, and exploitation details.

Description

Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, does not properly check packet sizes before reusing packet memory buffers, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a short crafted packet with a certain opcode.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Luigi Auriemma · textdoswindows

https://www.exploit-db.com/exploits/18878

View Code ZIP pw:eip

This is a detailed technical analysis of multiple vulnerabilities in Pro-face Pro-Server EX and WinGP PC Runtime, including memory corruption, integer overflow, and unhandled exceptions. The writeup provides disassembly snippets, root cause analysis, and exploitation details.

Classification

Writeup 100%

Attack Type

Other

Complexity

Moderate

Reliability

Theoretical

Target: Pro-face Pro-Server EX <= 1.30.000, WinGP PC Runtime <= 3.1.00

No auth needed

Prerequisites: Network access to the vulnerable service

MITRE ATT&CK