Vulnerabilities > CVE-2007-0796 - Remote Heap Overflow vulnerability in Bluecoat Winproxy 6.0/6.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Blue Coat Systems WinProxy 6.1a and 6.0 r1c, and possibly earlier, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long HTTP CONNECT request, which triggers heap corruption.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Nessus
| NASL family | Windows |
| NASL id | WINPROXY_61R1C.NASL |
| description | The remote host is running WinProxy, a proxy server for Windows. The version of WinProxy installed on the remote host reportedly contains a design issue that may result in a buffer overflow vulnerability. Using a specially crafted HTTP CONNECT request, a remote attacker may be able to leverage this issue to execute arbitrary code on the affected host subject to the privileges under which the service runs. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 24277 |
| published | 2007-02-06 |
| reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/24277 |
| title | WinProxy < 6.1r1c HTTP CONNECT Request Remote Overflow |
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=471
- http://osvdb.org/33097
- http://secunia.com/advisories/24049
- http://securitytracker.com/id?1017586
- http://www.securityfocus.com/bid/22393
- http://www.vupen.com/english/advisories/2007/0482
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32204