Security hole in K9 Web Protection web filter
K9 Web Protection, the free home version of a filter by Blue Coat to protect children from inappropriate and harmful internet content, contains a vulnerability that attackers could exploit to inject malicious code. Local users could also exploit the flaw to escalate their privileges.
The filter software installs a local server, k9filter.exe, which listens on port 2372 of the loopback interface (127.0.0.1). Processing URLs of excessive length may cause a buffer overflow and allow the injection of malicious code, which could then be executed with system privileges. Attackers may place malformed links on web pages so that the vulnerability is exploited as soon as a page is visited.
Blue Coat has fixed this vulnerability in version 3.2.44 of the software. Users of K9 Web Protection are advised to download the current version from the vendor’s web site and install it as soon as possible.
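For triage, the two facts above (the loopback listener on port 2372 and the fixed release 3.2.44) can be combined into a host check. This is an added example, not code from Blue Coat or the advisory; the function names are hypothetical, the installed version string is supplied by the caller, and treating every release older than 3.2.44 as affected is an assumption.

```python
import re
import socket

K9_PORT = 2372              # loopback port of k9filter.exe (from the article)
FIXED_VERSION = (3, 2, 44)  # first fixed release (from the article)


def parse_version(text):
    """Turn '3.2.36' into (3, 2, 36); None if the string is not dotted-numeric."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))


def is_fixed(version_text):
    """True if >= 3.2.44, False if older, None if the version is unparseable."""
    version = parse_version(version_text)
    if version is None:
        return None
    # Compare numerically and pad, so '3.10.1' > '3.2.44' and '3.2' means 3.2.0.
    width = max(len(version), len(FIXED_VERSION))
    padded = version + (0,) * (width - len(version))
    fixed = FIXED_VERSION + (0,) * (width - len(FIXED_VERSION))
    return padded >= fixed


def loopback_listener(port=K9_PORT, timeout=1.0):
    """True if something accepts TCP connections on 127.0.0.1:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        return sock.connect_ex(("127.0.0.1", port)) == 0


def assess(version_text, listening):
    """Combine version and listener state into one triage verdict."""
    fixed = is_fixed(version_text)
    if fixed is None:
        return "unknown version: verify manually"
    if fixed:
        return "patched"
    # Assumption: every release older than 3.2.44 is treated as affected.
    if listening:
        return "vulnerable: filter service reachable, upgrade now"
    return "outdated: service not running, upgrade before re-enabling"


if __name__ == "__main__":
    import sys
    version = sys.argv[1] if len(sys.argv) > 1 else "3.2.36"  # constructed sample
    print(assess(version, loopback_listener()))
```

Run it on the machine where K9 is installed, passing the version shown in the product's own about page as the first argument.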
- BlueCoat K9 Web Protection 3.2.36 Overflow, advisory by CSIS
- Download of the current version of K9 Web Protection