RSA SecurID Software Token for Windows DLL Loading Error Lets Remote Users Execute Arbitrary Code.
RSA SecurID Software Token 4.1 for Microsoft Windows
A remote user can cause the target application to execute arbitrary code on the target user's system.
A vulnerability was reported in RSA SecurID Software Token. A remote user can execute arbitrary code on the target system. A remote user can create a specially crafted DLL file on a remote share (e.g., WebDAV, SMB share). When the target user opens a Software Token file on the share, the application may load the remote user's DLL instead of the intended DLL and execute arbitrary code. This type of exploit is also known as "binary planting" or "DLL preloading".
A remote user can cause the target application to execute arbitrary code on the target user's system..
RSA strongly recommends that customers upgrade to RSA SecurID Software Token 4.1.1 for Microsoft Windows. To obtain the latest RSA product downloads, log on to RSA SecurCare