Full title: Ektron 8.02 XSLT Transform Remote Code Execution 
Category: remote exploits
Platform: windows
This Metasploit module exploits a vulnerability in Ektron CMS 8.02 (before SP5). The vulnerability exists due to the insecure usage of XslCompiledTransform, using a XSLT controlled by the user. The module has been tested successfully on Ektron CMS 8.02 over Windows 2003 SP2, which allows to execute arbitrary code with NETWORK SERVICE privileges.

# 0day.today @ http://0day.today/