MidnightBSD

Advisories for pro-face

CVE-2012-3792 MEDIUM

Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (out-of-bounds read operation) via a crafted packet that triggers a certain Find Node check attempt.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
pro-face pro-server_ex 1.24.200
pro-face pro-server_ex *
pro-face wingp_pc_runtime *
pro-face pro-server_ex 1.21.000
pro-face pro-server_ex 1.23.000
CVE-2012-3793 MEDIUM

Integer overflow in Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (daemon crash) via a crafted packet with a certain opcode that triggers an incorrect memory allocation and a buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
pro-face pro-server_ex 1.24.200
pro-face pro-server_ex *
pro-face wingp_pc_runtime *
pro-face pro-server_ex 1.21.000
pro-face pro-server_ex 1.23.000
CVE-2012-3794 MEDIUM

Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (unhandled exception and daemon crash) via a crafted packet with a certain opcode that triggers an invalid attempt to allocate a large amount of memory.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
pro-face pro-server_ex 1.24.200
pro-face pro-server_ex *
pro-face wingp_pc_runtime *
pro-face pro-server_ex 1.21.000
pro-face pro-server_ex 1.23.000
CVE-2012-3795 MEDIUM

Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (daemon crash) via a crafted packet with a certain opcode and a large value in a size field.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
pro-face pro-server_ex 1.24.200
pro-face pro-server_ex *
pro-face wingp_pc_runtime *
pro-face pro-server_ex 1.21.000
pro-face pro-server_ex 1.23.000
CVE-2012-3796 MEDIUM

Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to obtain sensitive information from daemon memory via a crafted packet with a certain opcode.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
pro-face pro-server_ex 1.24.200
pro-face pro-server_ex *
pro-face wingp_pc_runtime *
pro-face pro-server_ex 1.21.000
pro-face pro-server_ex 1.23.000
CVE-2012-3797 HIGH

Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, does not properly check packet sizes before reusing packet memory buffers, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a short crafted packet with a certain opcode.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
pro-face pro-server_ex 1.24.200
pro-face pro-server_ex *
pro-face wingp_pc_runtime *
pro-face pro-server_ex 1.21.000
pro-face pro-server_ex 1.23.000