CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
97.9%
Added: 07/13/2007
CVE: CVE-2005-1471
BID: 13524
OSVDB: 16164
RSA Authentication Agent For Web for IIS provides access control for applications on IIS web servers.
A heap overflow vulnerability when using chunked transfer-encoding allows remote attackers to execute arbitrary commands with LocalSystem privileges.
A fix is available from <https://knowledge.rsasecurity.com>.
<http://www.kb.cert.org/vuls/id/790533>
<http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0039.html>
Exploit works on RSA Authentication Agent For Web for IIS 5.3 on Windows 2000 SP4.
The success of this exploit depends on the system state at the time the exploit is attempted.
Windows