Intrusion Prevention

RSA.Authentication.Agent.Redirect.Buffer.Overflow

Description

This indicates an attempt to exploit a stack-based buffer overflow vulnerability in the RSA Authentication Agent for Web.
The vulnerability is caused by a flaw in IISWebAgentIF.dll. A remote attacker may exploit it via a long URL parameter in the Redirect method, resulting in arbitrary code execution.

Affected Products

SecurID Web Agent 5.2 and 5.3

Impact

System compromise.

Recommended Actions

Apply the following patch:
ftp://ftp.rsasecurity.com/support/Patches/Ace/Agent/

CVE References

CVE-2005-1471
CVE-2005-4734
