Vulnerabilities > CVE-2007-0796 - Remote Heap Overflow vulnerability in Bluecoat Winproxy 6.0/6.1

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
bluecoat
nessus

Summary

Blue Coat Systems WinProxy 6.1a and 6.0 r1c, and possibly earlier, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long HTTP CONNECT request, which triggers heap corruption.

Vulnerable Configurations

Part Description Count
Application
Bluecoat
2

Nessus

NASL familyWindows
NASL idWINPROXY_61R1C.NASL
descriptionThe remote host is running WinProxy, a proxy server for Windows. The version of WinProxy installed on the remote host reportedly contains a design issue that may result in a buffer overflow vulnerability. Using a specially crafted HTTP CONNECT request, a remote attacker may be able to leverage this issue to execute arbitrary code on the affected host subject to the privileges under which the service runs.
last seen2020-06-01
modified2020-06-02
plugin id24277
published2007-02-06
reporterThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/24277
titleWinProxy < 6.1r1c HTTP CONNECT Request Remote Overflow