CVE-2012-5357
N/A
N/A
Summary
Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to execute arbitrary code with NETWORK SERVICE privileges via crafted XSL data.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://webstersprodigy.net/2012/10/25/cve-2012-5357cve-1012-5358-cool-ektron-xslt-rce-bugs/
- https://www.rapid7.com/db/modules/exploit/windows/http/ektron_xslt_exec
- http://documentation.ektron.com/current/ReleaseNotes/Release8/8.02SP5.htm
- https://technet.microsoft.com/library/security/msvr12-016
References
- https://webstersprodigy.net/2012/10/25/cve-2012-5357cve-1012-5358-cool-ektron-xslt-rce-bugs/
- https://www.rapid7.com/db/modules/exploit/windows/http/ektron_xslt_exec
- http://documentation.ektron.com/current/ReleaseNotes/Release8/8.02SP5.htm
- https://technet.microsoft.com/library/security/msvr12-016
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.