CVE-2012-5357

CRITICAL

Ektron Content Management System < 8.02 - Remote Code Execution via XSLT Script Execution

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-5357. PoCs published by Metasploit, Rich Lundeen, juan vazquez, Nicolas, Gregoire, including Metasploit module exploits/windows/http/ektron_xslt_exec.

AI-analyzed exploit summary This Metasploit module exploits CVE-2012-5357 in Ektron CMS 8.02 by leveraging insecure XSLT processing to achieve remote code execution. It generates a malicious XSLT file that writes and executes a payload on the target system.

Description

Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to execute arbitrary code with NETWORK SERVICE privileges via crafted XSL data.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/23155

This Metasploit module exploits CVE-2012-5357 in Ektron CMS 8.02 by leveraging insecure XSLT processing to achieve remote code execution. It generates a malicious XSLT file that writes and executes a payload on the target system.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Ektron CMS 8.02 (before SP5)
No auth needed
Prerequisites: Network access to the Ektron CMS server · Target must be running Ektron CMS 8.02 (before SP5)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by Rich Lundeen, juan vazquez, Nicolas, Gregoire · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/ektron_xslt_exec.rb

This Metasploit module exploits a vulnerability in Ektron CMS 8.02 (before SP5) by leveraging insecure XSLT processing to execute arbitrary code via C# script injection. It uses VirtualAlloc and CreateThread to execute shellcode, achieving remote code execution with NETWORK SERVICE privileges.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Ektron CMS 8.02 (before SP5)
No auth needed
Prerequisites: Network access to the target Ektron CMS instance · XSLT processing endpoint accessible
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://webstersprodigy.net/2012/10/25/cve-2012-5357cve-1012-5358-cool-ektron-xslt-rce-bugs/
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://www.rapid7.com/db/modules/exploit/windows/http/ektron_xslt_exec
Issue Tracking, Vendor Advisory x_refsource_confirm
http://documentation.ektron.com/current/ReleaseNotes/Release8/8.02SP5.htm
Issue Tracking, Release Notes, Third Party Advisory x_refsource_misc
https://technet.microsoft.com/library/security/msvr12-016

Scores

CVSS v3 9.8
EPSS 0.8259
EPSS Percentile 99.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-19
Status published
Products (1)
ektron/ektron_content_management_system < 8.02
Published Oct 30, 2017
Tracked Since Feb 18, 2026