Published: 31/12/2005 Updated: 08/03/2011

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Buffer overflow in BlueCoat (a) WinProxy prior to 6.1a and (b) the web console access functionality in ProxyAV prior to 2.4.2.3 allows remote malicious users to execute arbitrary code via a long Host: header.

Vulnerable Product	Search on Vulmon	Subscribe to Product
bluecoat webproxy 4.0
bluecoat webproxy 5.2
bluecoat webproxy 6.0
bluecoat webproxy 5.0
bluecoat webproxy 5.1
bluecoat proxyav

#!perl # # "WinProxy 60 R1c" Remote Stack/SEH Overflow Exploit # # Author: FistFucker (aka FistFuXXer) # e-Mail: FistFuXXer@gmxde # # # Advisory: # wwwidefensecom/intelligence/vulnerabilities/displayphp?id=364 # # CVE info: # CAN-2005-4085 # use IO::Socket; # # destination IP address # $ip = '127001'; # # destination TCP port # ...

## # $Id: bluecoat_winproxy_hostrb 9797 2010-07-12 23:25:31Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' ...

NVD-CWE-Other http://www.idefense.com/intelligence/vulnerabilities/display.php?id=364 http://www.securityfocus.com/bid/16147 http://secunia.com/advisories/18288 http://securitytracker.com/id?1015441 http://www.bluecoat.com/support/knowledge/advisory_host_header_stack_overflow.html http://secunia.com/advisories/18909 http://www.vupen.com/english/advisories/2006/0065 http://www.vupen.com/english/advisories/2006/0622 https://nvd.nist.gov https://www.exploit-db.com/exploits/1408/

CVE-2005-4085

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect