In association with heise online

08 June 2007, 12:48

Security hole in K9 Web Protection web filter

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

K9 Web Protection, the free home version of a filter by Blue Coat to protect children from inappropriate and harmful internet content, contains a vulnerability that could be exploited by attackers to inject malicious code. Local users could exploit this flaw for privilege escalation purposes.

The filter software installs a local server k9filter.exe, which listens on port 2372 of the loopback connection ( Processing URLs of excessive length may cause a buffer overflow and subsequent injection of malicious code, which could then be executed with system privileges. Attackers may put malformed links on web pages to exploit this vulnerability as soon as the page is visited.

Blue Coat has fixed this vulnerability in version 3.2.44 of the software. Users of K9 Web Protection are advised to download the current version from the vendor’s web site and install it as soon as possible.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit