A boundary error in the RSA Authentication Agent for Web affects IIS version 5.x.
Security and vulnerability group Secunia has released an advisory suggesting hackers could create a heap-based buffer overflow.
Alongside the RSA vulnerability equally dangerous, executable vulnerabilities has been found in Ethereal, a packet sniffing program. Both vulnerabilities, as well as one within Smail, a minor MTA, are rated critical.
The news come two days after Microsoft released a single patch in its monthly patch cycle. The script injection vulnerability was rated as "important" and affects Windows 98, 2000 and ME users only.
In March SC reported Microsoft released eight security patches, at least half of which were rated critical.
In the same month SC reported Microsoft's major OS update, SP2 for Windows XP, was being rejected by over half of companies.