CVE-2005-4085

BlueCoat WinProxy < 6.1a and ProxyAV < 2.4.2.3 - Remote Code Execution via Long Host Header

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2005-4085. PoCs published by Metasploit, FistFuXXer, including Metasploit module exploits/windows/proxy/bluecoat_winproxy_host.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in Blue Coat WinProxy by sending a maliciously crafted HTTP request with an overly long Host header. The payload leverages SEH (Structured Exception Handler) overwrites to achieve remote code execution.

Description

Buffer overflow in BlueCoat (a) WinProxy before 6.1a and (b) the web console access functionality in ProxyAV before 2.4.2.3 allows remote attackers to execute arbitrary code via a long Host: header.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16691

This exploit targets a buffer overflow vulnerability in Blue Coat WinProxy by sending a maliciously crafted HTTP request with an overly long Host header. The payload leverages SEH (Structured Exception Handler) overwrites to achieve remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Blue Coat WinProxy <= 6.1 R1a
No auth needed
Prerequisites: Network access to the target's HTTP service (port 80)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by FistFuXXer · perlremotewindows
https://www.exploit-db.com/exploits/1408

This exploit targets a stack/SEH overflow vulnerability in WinProxy 6.0 R1c. It sends a maliciously crafted HTTP request to overwrite the SE handler and execute a bind shell payload on port 4444.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: WinProxy 6.0 R1c
No auth needed
Prerequisites: Network access to the target's WinProxy service on port 80
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GREAT
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/proxy/bluecoat_winproxy_host.rb

This Metasploit module exploits a buffer overflow in Blue Coat WinProxy by sending a maliciously crafted HTTP Host header with an overly long port value. The exploit leverages SEH overwrites to achieve remote code execution on vulnerable systems.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Blue Coat WinProxy <= 6.1 R1a
No auth needed
Prerequisites: Network access to the target's HTTP service (port 80)
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (8)

Core 8
Core References
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18909
Patch, Vendor Advisory vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1015441
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0622
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0065
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18288
Patch, Vendor Advisory third-party-advisory x_refsource_idefense
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=364
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/16147

Scores

EPSS 0.6525
EPSS Percentile 99.2%

Details

Status published
Products (6)
bluecoat/proxyav
bluecoat/webproxy 4.0 r1a (10 CPE variants)
bluecoat/webproxy 5.0 r1a (3 CPE variants)
bluecoat/webproxy 5.1 r1a (3 CPE variants)
bluecoat/webproxy 5.2 r1a
bluecoat/webproxy 6.0 r1a (2 CPE variants)
Published Dec 31, 2005
Tracked Since Feb 18, 2026