Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (out-of-bounds read operation) via a crafted packet that triggers a certain Find Node check attempt.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| pro-face | pro-server_ex | 1.24.200 |
| pro-face | pro-server_ex | * |
| pro-face | wingp_pc_runtime | * |
| pro-face | pro-server_ex | 1.21.000 |
| pro-face | pro-server_ex | 1.23.000 |
Integer overflow in Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (daemon crash) via a crafted packet with a certain opcode that triggers an incorrect memory allocation and a buffer overflow.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| pro-face | pro-server_ex | 1.24.200 |
| pro-face | pro-server_ex | * |
| pro-face | wingp_pc_runtime | * |
| pro-face | pro-server_ex | 1.21.000 |
| pro-face | pro-server_ex | 1.23.000 |
Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (unhandled exception and daemon crash) via a crafted packet with a certain opcode that triggers an invalid attempt to allocate a large amount of memory.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| pro-face | pro-server_ex | 1.24.200 |
| pro-face | pro-server_ex | * |
| pro-face | wingp_pc_runtime | * |
| pro-face | pro-server_ex | 1.21.000 |
| pro-face | pro-server_ex | 1.23.000 |
Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (daemon crash) via a crafted packet with a certain opcode and a large value in a size field.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| pro-face | pro-server_ex | 1.24.200 |
| pro-face | pro-server_ex | * |
| pro-face | wingp_pc_runtime | * |
| pro-face | pro-server_ex | 1.21.000 |
| pro-face | pro-server_ex | 1.23.000 |
Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to obtain sensitive information from daemon memory via a crafted packet with a certain opcode.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| pro-face | pro-server_ex | 1.24.200 |
| pro-face | pro-server_ex | * |
| pro-face | wingp_pc_runtime | * |
| pro-face | pro-server_ex | 1.21.000 |
| pro-face | pro-server_ex | 1.23.000 |
Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, does not properly check packet sizes before reusing packet memory buffers, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a short crafted packet with a certain opcode.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| pro-face | pro-server_ex | 1.24.200 |
| pro-face | pro-server_ex | * |
| pro-face | wingp_pc_runtime | * |
| pro-face | pro-server_ex | 1.21.000 |
| pro-face | pro-server_ex | 1.23.000 |