Blue Coat Systems WinProxy Connect Remote Heap Overflow Vulnerability
BID:22393
Info
Blue Coat Systems WinProxy Connect Remote Heap Overflow Vulnerability
| Bugtraq ID: | 22393 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-0796 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 05 2007 12:00AM |
| Updated: | May 12 2015 07:34PM |
| Credit: | Manuel Santamarina Suarez aka 'FistFuXXer' is credited with the discovery of this issue. |
| Vulnerable: |
Blue Coat Systems WinProxy 6.0r1c Blue Coat Systems WinProxy 2.1a |
| Not Vulnerable: |
Blue Coat Systems WinProxy 6.1r1c |
Discussion
Blue Coat Systems WinProxy Connect Remote Heap Overflow Vulnerability
WinProxy is prone to a heap-overflow vulnerability because it fails to perform sufficient boundary checks on user-supplied data before copying it to a buffer.
An attacker could leverage this issue to have arbitrary code execute with administrative privileges. A successful exploit could result in the complete compromise of the affected system.
Versions prior to 6.1r1c are vulnerable.
WinProxy is prone to a heap-overflow vulnerability because it fails to perform sufficient boundary checks on user-supplied data before copying it to a buffer.
An attacker could leverage this issue to have arbitrary code execute with administrative privileges. A successful exploit could result in the complete compromise of the affected system.
Versions prior to 6.1r1c are vulnerable.
Exploit / POC
Blue Coat Systems WinProxy Connect Remote Heap Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Blue Coat Systems WinProxy Connect Remote Heap Overflow Vulnerability
Solution:
The vendor has released version 6.1r1c to address this issue. Please see the references for more information.
Blue Coat Systems WinProxy 6.0r1c
Blue Coat Systems WinProxy 2.1a
Solution:
The vendor has released version 6.1r1c to address this issue. Please see the references for more information.
Blue Coat Systems WinProxy 6.0r1c
-
Blue Coat Systems WinProxy.exe
http://download.winproxy.com/downloads/WinProxy.exe
Blue Coat Systems WinProxy 2.1a
-
Blue Coat Systems WinProxy.exe
http://download.winproxy.com/downloads/WinProxy.exe
References
Blue Coat Systems WinProxy Connect Remote Heap Overflow Vulnerability
References:
References:
- WinProxy Home Page (Blue Coat Systems)
- Blue Coat Systems WinProxy CONNECT Method Heap Overflow Vulnerability (iDefense Labs)