For the past year in my spare time I've been researching a flaw involving transparent proxies and today CERT has published an advisory for this issue. If you have a vulnerable proxy on your intranet NOW is the time to patch (details of affected vendors in the cert advisory).
I will be publishing a comprehensive document at a later time outlining additional behaviors not discussed in the CERT advisory. Stay Tuned….
CERT Advisory: http://www.kb.cert.org/vuls/id/435052
