Lucene search
SAINT CorporationSAINT:78CEA7BACCA18FB9F56912537EAB294EHistoryJul 13, 2007 - 12:00 a.m.
RSA Authentication Agent for Web for IIS chunked encoding overflow
2007-07-1300:00:00
SAINT Corporation
www.saintcorporation.com
12
0.666 Medium
EPSS
Percentile
98.0%
Added: 07/13/2007
CVE: CVE-2005-1471
BID: 13524
OSVDB: 16164
Background
RSA Authentication Agent For Web for IIS provides access control for applications on IIS web servers.
Problem
A heap overflow vulnerability when using chunked transfer-encoding allows remote attackers to execute arbitrary commands with LocalSystem privileges.
Resolution
A fix is available from <https://knowledge.rsasecurity.com>.
References
<http://www.kb.cert.org/vuls/id/790533>
<http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0039.html>
Limitations
Exploit works on RSA Authentication Agent For Web for IIS 5.3 on Windows 2000 SP4.
The success of this exploit depends on the system state at the time the exploit is attempted.
Platforms
Windows
Related
cve
cve
CVE-2005-1471
2005-05-06 04:00:00
saint
saint
RSA Authentication Agent for Web for IIS chunked encoding overflow
2007-07-13 00:00:00
RSA Authentication Agent for Web for IIS chunked encoding overflow
2007-07-13 00:00:00
RSA Authentication Agent for Web for IIS chunked encoding overflow
2007-07-13 00:00:00
checkpoint_advisories
checkpoint_advisories
RSA Authentication Agent for Web Buffer Overflow (CVE-2005-1471)
2010-06-28 00:00:00
nvd
nvd
CVE-2005-1471
2005-05-06 04:00:00
cert
cert
cvelist
cvelist
CVE-2005-1471
2005-05-06 04:00:00