Luigi Auriemma has reported multiple vulnerabilities in Pro-Server EX, which can be exploited by malicious people to disclose potentially sensitive information and cause a DoS (Denial of Service).

1) An input validation error when processing certain packets can be exploited to cause the service to crash due to accessing invalid memory via a specially crafted packet sent to e.g. TCP port 8000.

2) An integer overflow error when processing certain packets can be exploited to cause the service to crash via a specially crafted packet sent to e.g. TCP port 8000.

3) An input validation error when processing certain packets can be exploited to cause the service to crash due to an unhandled exception via a specially crafted packet sent to e.g. TCP port 8000.

4) An input validation error when processing certain packets can be exploited to cause the service to crash or disclose some memory via a specially crafted packet sent to e.g. TCP port 8000.

5) An error when processing certain packets can be exploited to cause limited memory corruption and crash the service via a specially crafted packet sent to e.g. TCP port 8000.

The vulnerabilities are reported in the following products:
* Pro-Server EX versions prior to 1.30.100.
* GP-Pro EX versions prior to 3.01.102.
* WinGP versions prior to 3.01.102.

Solution
Apply updates (please see the vendor's advisory for details).

Provided and/or discovered by
Luigi Auriemma

Changelog
Further details available to Secunia VIM customers

Original Advisory
Luigi Auriemma:
http://aluigi.altervista.org/adv/proservrex_1-adv.txt

Pro-face:
http://www.pro-face.com/news/2012/0606.html

Other references
Further details available to Secunia VIM customers

Deep Links
Links available to Secunia VIM customers