Pro-face Pro-Server EX WinGP PC Runtime Multiple Vulnerabilities

No description provided by source. Luigi Auriemma Application: Pro-face Pro-Server EX WinGP PC Runtime http://www.profaceamerica.com/cms/resourcelibrary/products/9e3c2a7965a27592/index.html Versions: ProServr = 1.30.000 PCRuntime = 3.1.00 Platforms: Windows Bug: A Find Node invalid memory access ...

CVE-2012-3796

Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to obtain sensitive information from daemon memory via a crafted packet with a certain opcode...

CVE-2012-3792

Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service out-of-bounds read operation via a crafted packet that triggers a certain Find Node check attempt...

CVE-2012-3794

Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service unhandled exception and daemon crash via a crafted packet with a certain opcode that triggers an invalid attempt to allocate a large...

CVE-2012-3795

Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service daemon crash via a crafted packet with a certain opcode and a large value in a size field...

Memory corruption

Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, does not properly check packet sizes before reusing packet memory buffers, which allows remote attackers to cause a denial of service heap memory corruption or possibly have unspecified...

Integer overflow

Integer overflow in Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service daemon crash via a crafted packet with a certain opcode that triggers an incorrect memory allocation and a buffer...

Code injection

Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service daemon crash via a crafted packet with a certain opcode and a large value in a size field...

Out-of-bounds

Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service out-of-bounds read operation via a crafted packet that triggers a certain Find Node check attempt...

Design/Logic Flaw

Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service unhandled exception and daemon crash via a crafted packet with a certain opcode that triggers an invalid attempt to allocate a large...

CVE-2012-3796

Pro-face WinGP PC Runtime 3.1.00 and earlier and Pro-face Pro-Server EX 1.30.000 and earlier are affected by CVE-2012-3796, which allows remote attackers to obtain sensitive information from daemon memory by sending a crafted packet with a specific opcode. The issue is described as an information...

CVE-2012-3795

CVE-2012-3795 affects Pro-face WinGP PC Runtime ≤3.1.00 and Pro-face Pro-Server EX ≤1.30.00 (ProServr.exe). A crafted network packet with a specific opcode and an oversized size field can trigger an out-of-bounds/write condition, causing a remote denial of service (daemon crash). Public details d...

CVE-2012-3796

Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to obtain sensitive information from daemon memory via a crafted packet with a certain opcode...

CVE-2012-3795

Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service daemon crash via a crafted packet with a certain opcode and a large value in a size field...

CVE-2012-3797

CVE-2012-3797 affects Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier. The root cause is improper validation of packet sizes before reusing packet memory buffers, enabling a remote attacker to cause a denial of service via heap memory ...

CVE-2012-3797

Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, does not properly check packet sizes before reusing packet memory buffers, which allows remote attackers to cause a denial of service heap memory corruption or possibly have unspecified...

CVE-2012-3794

Pro-face Pro-Server EX (versions up to 1.30.00) and WinGP PC Runtime (up to 3.1.00) are affected by CVE-2012-3794. A crafted packet with a specific opcode can trigger an invalid attempt to allocate a large amount of memory, causing an unhandled exception and a DoS in the affected server/runtime. ...

CVE-2012-3792

The vulnerability CVE-2012-3792 affects Pro-face WinGP PC Runtime <= 3.1.00 and Pro-face Pro-Server EX

CVE-2012-3793

Integer overflow in Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service daemon crash via a crafted packet with a certain opcode that triggers an incorrect memory allocation and a buffer...

Pro-face Pro-Server EX WinGP PC Runtime - Multiple Vulnerabilities

Pro-face Pro-Server EX WinGP PC Runtime - Multiple Vulnerabilities Luigi Auriemma Application: Pro-face Pro-Server EX WinGP PC Runtime http://www.profaceamerica.com/cms/resourcelibrary/products/9e3c2a7965a27592/index.html Versions: ProServr = 1.30.000 PCRuntime = 3.1.00 Platforms: Windows Bug: A...