CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
EPSS
Percentile
97.2%
Added: 11/30/2005
CVE: CVE-2005-4734
BID: 26424
OSVDB: 20151
RSA SecurID Web Agent for IIS provides access control for IIS web servers using one-time authentication tokens.
A buffer overflow in **IISWebAgentIF.dll**
could allow a remote attacker to execute arbitrary commands using a long, specially crafted url parameter in a Redirect request.
Fixes are available from RSA SecurCare Online.
<http://secunia.com/advisories/17281/>
Web Agent for IIS must be configured correctly in order for this exploit to work.
Windows 2000