RSA Authentication Agent for Web for IIS chunked encoding overflow

Added: 07/13/2007
CVE: CVE-2005-1471
BID: 13524
OSVDB: 16164

Background

RSA Authentication Agent For Web for IIS provides access control for applications on IIS web servers.

Problem

A heap overflow vulnerability when using chunked transfer-encoding allows remote attackers to execute arbitrary commands with LocalSystem privileges.

Resolution

A fix is available from https://knowledge.rsasecurity.com.

References

http://www.kb.cert.org/vuls/id/790533
http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0039.html

Limitations

Exploit works on RSA Authentication Agent For Web for IIS 5.3 on Windows 2000 SP4.

The success of this exploit depends on the system state at the time the exploit is attempted.

Platforms

Windows

Back to exploit index