CVE-2012-5357

Published: Oct 30, 2017Modified: May 13, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to execute arbitrary code with NETWORK SERVICE privileges via crafted XSL data.

Affected (1)

Products: Ektron: Ektron Content Management System

Ektron

1 product

Ektron Content Management System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ektron Ektron Content Management System	Up to 8.02

Related CWEs

CWE-19

References (8)

http://documentation.ektron.com/current/ReleaseNotes/Release8/8.02SP5.htm

Source: cve@mitre.org

Issue TrackingVendor Advisory

https://technet.microsoft.com/library/security/msvr12-016

Source: cve@mitre.org

Issue TrackingRelease NotesThird Party Advisory

https://webstersprodigy.net/2012/10/25/cve-2012-5357cve-1012-5358-cool-ektron-xslt-rce-bugs/

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://www.rapid7.com/db/modules/exploit/windows/http/ektron_xslt_exec

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

http://documentation.ektron.com/current/ReleaseNotes/Release8/8.02SP5.htm

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

https://technet.microsoft.com/library/security/msvr12-016

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingRelease NotesThird Party Advisory

https://webstersprodigy.net/2012/10/25/cve-2012-5357cve-1012-5358-cool-ektron-xslt-rce-bugs/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://www.rapid7.com/db/modules/exploit/windows/http/ektron_xslt_exec

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

Timeline

No history available yet.