Vulnerability Description
Stack-based buffer overflow in IISWebAgentIF.dll in RSA Authentication Agent for Web (aka SecurID Web Agent) 5.2 and 5.3 for IIS allows remote attackers to execute arbitrary code via a long url parameter in the Redirect method.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rsa | Authentication Agent For Web | 5.2 |
References
- http://secunia.com/advisories/17281ExploitVendor Advisory
- http://www.metasploit.com/projects/Framework/exploits.html#rsa_iiswebagent_redirExploit
- http://www.osvdb.org/20151Exploit
- http://www.securityfocus.com/bid/26424
- https://knowledge.rsasecurity.com/dlcpages/rsa_securid/securid_dlc_aaweb.asp
- http://secunia.com/advisories/17281ExploitVendor Advisory
- http://www.metasploit.com/projects/Framework/exploits.html#rsa_iiswebagent_redirExploit
- http://www.osvdb.org/20151Exploit
- http://www.securityfocus.com/bid/26424
- https://knowledge.rsasecurity.com/dlcpages/rsa_securid/securid_dlc_aaweb.asp
FAQ
What is CVE-2005-4734?
CVE-2005-4734 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Stack-based buffer overflow in IISWebAgentIF.dll in RSA Authentication Agent for Web (aka SecurID Web Agent) 5.2 and 5.3 for IIS allows remote attackers to execute arbitrary code via a long url parame...
How severe is CVE-2005-4734?
CVE-2005-4734 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-4734?
Check the references section above for vendor advisories and patch information. Affected products include: Rsa Authentication Agent For Web.