Ektron · Ektron Content Management System · CVE-2012-5357
Name of the Vulnerable Software and Affected Versions:
Ektron Content Management System (CMS) versions prior to 8.02 SP5
Description:
The issue allows remote attackers to execute arbitrary code with NETWORK SERVICE privileges via crafted XSL data, due to the use of the XslCompiledTransform class with enablescript set to true.
Recommendations:
For versions prior to 8.02 SP5, update to version 8.02 SP5 or later to resolve the issue. As a temporary workaround, consider disabling the use of the XslCompiledTransform class with enablescript set to true until a patch is available. Restrict access to XSL data to minimize the risk of exploitation.