RSA SecurID Software Token < 4.1.1 Insecure Library Loading

High Nessus Plugin ID 57347


The remote Windows host contains an application that is affected by a code execution vulnerability.


The remote Windows host contains a version of RSA SecurID Software Token 3.0, 4.0, or 4.1 earlier than 4.1.1. As such, it is reportedly affected by an insecure library loading vulnerability. If an attacker can trick a user on the affected system into opening a specially crafted Software Token file, this issue could be leveraged to execute arbitrary code subject to the user's privileges.


Upgrade to RSA SecurID Software Token 4.1.1 or later.

Plugin Details

Severity: High

ID: 57347

File Name: rsa_securid_software_token_411.nasl

Version: $Revision: 1.11 $

Type: local

Agent: windows

Family: Windows

Published: 2011/12/20

Modified: 2017/09/28

Dependencies: 57348

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Vulnerability Information

Required KB Items: SMB/RSA SecurID Software Token/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/12/12

Vulnerability Publication Date: 2011/12/12

Reference Information

CVE: CVE-2011-4141

BID: 51073

OSVDB: 77741

IAVA: 2011-A-0175