CVE-2012-5357
CRITICAL
Ektron CMS <8.02 SP5 - RCE
Title source: llm
Description
Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to execute arbitrary code with NETWORK SERVICE privileges via crafted XSL data.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Metasploit · ruby remote windows
https://www.exploit-db.com/exploits/23155
metasploit
WORKING POC
EXCELLENT
by Rich Lundeen, juan vazquez, Nicolas, Gregoire · ruby poc win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/ektron_xslt_exec.rb
References (4)
Scores
CVSS v3: 9.8
EPSS: 0.8259
EPSS Percentile: 99.2%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-19
Status: published
Products (1): ektron/ektron_content_management_system < 8.02
Published: Oct 30, 2017
Tracked Since: Feb 18, 2026