CVE-2011-1425

XML Security Library <1.2.17 - File Creation/Overwrite

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-1425.

AI-analyzed exploit summary: This Metasploit module exploits a file creation vulnerability in WebKit's libxslt (CVE-2011-1774) by redirecting XSLT transformation output to arbitrary files. It achieves RCE by uploading a VBS payload and a MOF file to trigger Windows Management Instrumentation execution.

Description

xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.

Exploits (1)

exploitdb WORKING POC
ruby · remote · windows
https://www.exploit-db.com/exploits/17993

Classification
Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Apple Safari (WebKit) before version 5.0.6
No auth needed
Prerequisites: Target must be running Safari on Windows XP (NT 5.1) with WebKit version 5.0.x
devstral-2 · analyzed Feb 19, 2026

References (19)

Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0855
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1025284
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2219
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:063
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/47135
Various Sources x_refsource_confirm
http://trac.webkit.org/changeset/79159
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/1010
Patch mailing-list x_refsource_mlist
http://www.aleksey.com/pipermail/xmlsec/2011/009120.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/44423
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0486.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/1172
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/44167
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43920
Various Sources x_refsource_confirm
https://bugs.webkit.org/show_bug.cgi?id=52688
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0858
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/66506

Scores

EPSS 0.0931
EPSS Percentile 93.0%

Details

CWE
CWE-264
Status published
Products (43)
aleksey/xml_security_library 0.0.1
aleksey/xml_security_library 0.0.2
aleksey/xml_security_library 0.0.2a
aleksey/xml_security_library 0.0.3
aleksey/xml_security_library 0.0.4
aleksey/xml_security_library 0.0.5
aleksey/xml_security_library 0.0.6
aleksey/xml_security_library 0.0.7
aleksey/xml_security_library 0.0.8
aleksey/xml_security_library 0.0.9
... and 33 more
Published Apr 04, 2011
Tracked Since Feb 18, 2026