1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: Ektron CMS CVE-2012-5357 2

Attack: Ektron CMS CVE-2012-5357 2

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to exploit a remote code execution vulnerability in Ektron CMS.

Additional Information

Ektron CMS is an ASP-based content manager.

The application is prone to a remote code-execution vulnerability. Specifically, this issue occurs because the application fails to sanitize user-supplied input to the XSL data of the 'XslCompiledTransform' class.

Successful exploits will allow remote attackers to execute arbitrary code within the context of the affected application. Failed attacks may cause denial-of-service conditions.

Affected

  • Ektron CMS 8.02
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube