CVE-2005-4734

RSA Authentication Agent for Web <5.3 - Buffer Overflow

Title source: llm

Description

Stack-based buffer overflow in IISWebAgentIF.dll in RSA Authentication Agent for Web (aka SecurID Web Agent) 5.2 and 5.3 for IIS allows remote attackers to execute arbitrary code via a long url parameter in the Redirect method.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16358
metasploit WORKING POC GOOD
by hdm · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/isapi/rsa_webagent_redirect.rb

Scores

EPSS 0.7245
EPSS Percentile 98.8%

Details

Status published
Products (2)
rsa/authentication_agent_for_web 5.2
rsa/authentication_agent_for_web 5.3
Published Dec 31, 2005
Tracked Since Feb 18, 2026