Vulnerabilities > CVE-2005-4734 - Remote Stack Based Buffer Overflow vulnerability in RSA Authentication Agent IISWebAgentIF.DLL
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Stack-based buffer overflow in IISWebAgentIF.dll in RSA Authentication Agent for Web (aka SecurID Web Agent) 5.2 and 5.3 for IIS allows remote attackers to execute arbitrary code via a long url parameter in the Redirect method.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
| description | Microsoft IIS ISAPI RSA WebAgent Redirect Overflow. CVE-2005-4734. Remote exploit for windows platform |
| id | EDB-ID:16358 |
| last seen | 2016-02-01 |
| modified | 2010-09-20 |
| published | 2010-09-20 |
| reporter | metasploit |
| source | https://www.exploit-db.com/download/16358/ |
| title | Microsoft IIS ISAPI RSA WebAgent Redirect Overflow |
Metasploit
| description | This module exploits a stack buffer overflow in the SecurID Web Agent for IIS. This ISAPI filter runs in-process with inetinfo.exe, any attempt to exploit this flaw will result in the termination and potential restart of the IIS service. |
| id | MSF:EXPLOIT/WINDOWS/ISAPI/RSA_WEBAGENT_REDIRECT |
| last seen | 2020-02-27 |
| modified | 2017-07-24 |
| published | 2005-12-26 |
| references | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4734 |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/isapi/rsa_webagent_redirect.rb |
| title | Microsoft IIS ISAPI RSA WebAgent Redirect Overflow |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/83040/rsa_webagent_redirect.rb.txt |
| id | PACKETSTORM:83040 |
| last seen | 2016-12-05 |
| published | 2009-11-26 |
| reporter | H D Moore |
| source | https://packetstormsecurity.com/files/83040/Microsoft-IIS-ISAPI-RSA-WebAgent-Redirect-Overflow.html |
| title | Microsoft IIS ISAPI RSA WebAgent Redirect Overflow |
Saint
| bid | 26424 |
| description | RSA SecurID Web Agent for IIS redirect buffer overflow |
| id | misc_rsawebagentredir |
| osvdb | 20151 |
| title | rsa_auth_agent_redirect |
| type | remote |