|
Family: Gain a shell remotely --> Category: infos
WinProxy HTTP CONNECT Buffer Overflow Vulnerability Vulnerability Scan
Vulnerability Scan Summary Checks for WinProxy < 6.1 R1c
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote HTTP proxy is affected by a buffer overflow vulnerability.
Description :
The remote host is running WinProxy, a proxy server for Windows.
The version of WinProxy installed on the remote host reportedly
contains a design issue that may result in a buffer overflow
vulnerability. Using a specially-crafted HTTP CONNECT request, a
remote attacker may be able to leverage this issue to execute arbitary
code on the affected host subject to the rights under which the
service runs.
See also :
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=471
http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0107.html
Solution :
Upgrade to WinProxy version 6.1 R1c or later as it is rumoured to
address the issue.
Threat Level:
High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|