Code injection

2012-06-2517:55:00

PRIOn knowledge base

www.prio-n.com

6.6 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.5%

JSON

Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to obtain sensitive information from daemon memory via a crafted packet with a certain opcode.

CPENameOperatorVersion
pro-server_exle1.30.000
pro-server_exeq1.21.000
pro-server_exeq1.23.000
pro-server_exeq1.24.200
wingp_pc_runtimele3.1.00

Name	Operator	Version
pro-server_ex	le	1.30.000
pro-server_ex	eq	1.21.000
pro-server_ex	eq	1.23.000
pro-server_ex	eq	1.24.200
wingp_pc_runtime	le	3.1.00

References

aluigi.org/adv/proservrex_1-adv.txt

ics-cert.us-cert.gov/advisories/ICSA-12-179-01

secunia.com/advisories/49172

www.securityfocus.com/bid/53499

www.hmisource.com/otasuke/download/update/server_ex/server_ex/Readme_E.txt

www.hmisource.com/otasuke/news/2012/0606.html