Lucene search
SAINT CorporationSAINT:DCB9A64F4EC09DEE17C76D1263FB1F1FHistoryJul 13, 2007 - 12:00 a.m.
RSA Authentication Agent for Web for IIS chunked encoding overflow
2007-07-1300:00:00
SAINT Corporation
download.saintcorporation.com
24
EPSS
0.666
Percentile
97.9%
Added: 07/13/2007
CVE: CVE-2005-1471
BID: 13524
OSVDB: 16164
Background
RSA Authentication Agent For Web for IIS provides access control for applications on IIS web servers.
Problem
A heap overflow vulnerability when using chunked transfer-encoding allows remote attackers to execute arbitrary commands with LocalSystem privileges.
Resolution
A fix is available from <https://knowledge.rsasecurity.com>.
References
<http://www.kb.cert.org/vuls/id/790533>
<http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0039.html>
Limitations
Exploit works on RSA Authentication Agent For Web for IIS 5.3 on Windows 2000 SP4.
The success of this exploit depends on the system state at the time the exploit is attempted.
Platforms
Windows
Related
saint
saint
RSA Authentication Agent for Web for IIS chunked encoding overflow
2007-07-13 00:00:00
RSA Authentication Agent for Web for IIS chunked encoding overflow
2007-07-13 00:00:00
RSA Authentication Agent for Web for IIS chunked encoding overflow
2007-07-13 00:00:00
cve
cve
CVE-2005-1471
2005-05-06 04:00:00
cvelist
cvelist
CVE-2005-1471
2005-05-06 04:00:00
checkpoint_advisories
checkpoint_advisories
RSA Authentication Agent for Web Buffer Overflow (CVE-2005-1471)
2010-06-28 00:00:00
nvd
nvd
CVE-2005-1471
2005-05-06 04:00:00
cert
cert