Security company RSA has patched a vulnerability in its Web authentication software.is advising customers to update software for its Authentication Agent for Web for Internet Information Service, after researcher Gary O'Leary-Steele discovered a flaw which could allow hackers to execute arbitrary code.
On its Web site Secunia said that the vulnerability occurred from a boundary error. "(It) can be exploited to cause a heap-based buffer overflow by sending an overly long 'chunk' of data via the chunked-encoding mechanism." The vulnerability exists in versions 5, 5.2 and 5.3 of the product. Click here to download the patch.