RSA SecurID Web Agent for IIS provides access control for IIS web servers using one-time authentication tokens.
A buffer overflow in
**IISWebAgentIF.dll** could allow a remote attacker to execute arbitrary commands using a long, specially crafted url parameter in a Redirect request.
Fixes are available from RSA SecurCare Online.
Web Agent for IIS must be configured correctly in order for this exploit to work.