CVE-2005-4734

Severity

64%

Complexity

99%

Confidentiality

81%

Stack-based buffer overflow in IISWebAgentIF.dll in RSA Authentication Agent for Web (aka SecurID Web Agent) 5.2 and 5.3 for IIS allows remote attackers to execute arbitrary code via a long url parameter in the Redirect method.

Stack-based buffer overflow in IISWebAgentIF.dll in RSA Authentication Agent for Web (aka SecurID Web Agent) 5.2 and 5.3 for IIS allows remote attackers to execute arbitrary code via a long url parameter in the Redirect method.

CVSS 2.0 Base Score 6.4. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:P).

Overview

Type

RSA RSA Authentication Agent for Web

First reported 19 years ago

2005-12-31 05:00:00

Last updated 16 years ago

2008-09-05 20:57:00

Affected Software

RSA RSA Authentication Agent for Web 5.2

5.2

RSA RSA Authentication Agent for Web 5.3

5.3

References

17281

Exploit, Vendor Advisory

http://www.metasploit.com/projects/Framework/exploits.html#rsa_iiswebagent_redirect

Exploit

20151

Exploit

26424

https://knowledge.rsasecurity.com/dlcpages/rsa_securid/securid_dlc_aaweb.asp

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.