CVE-2012-3797

Sažetak

Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, does not properly check packet sizes before reusing packet memory buffers, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a short crafted packet with a certain opcode.

Reference

http://aluigi.org/adv/proservrex_1-adv.txt
http://ics-cert.us-cert.gov/advisories/ICSA-12-179-01
http://secunia.com/advisories/49172
http://www.securityfocus.com/bid/53499
https://www.hmisource.com/otasuke/download/update/server_ex/server_ex/Readme_E.txt
https://www.hmisource.com/otasuke/news/2012/0606.html

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

21-05-2013 - 03:19

Objavljeno

25-06-2012 - 17:55