EktronCMS Saxon XSLT parser remote code execution

Description

Ektron Content Management System versions 8.5, 8.7, and 9.0 contain a resource injection vulnerability caused by an improperly configured XML parser. By default, Ektron uses the Microsoft XML parser to parse XSLT documents, which is not vulnerable. If an attacker instead specifies the Saxon XSLT parser and sends it a specially crafted XSLT document, the attacker may be able to run arbitrary code at the privilege level of the application.
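The defensive control this advisory implies is to never hand a content-supplied stylesheet to an XSLT engine without first checking it for the features that let XSLT reach host code. The following audit is an added example, not Ektron's or Saxon's code; the sample stylesheets are constructed, and the namespace URIs are the ones Saxon (`clitype:`, `java:`) and MSXML (`msxsl:script`) use for extension functions.

```python
# Pre-transform audit that rejects XSLT stylesheets carrying host-code-execution
# features (script blocks, reflexive .NET/Java extension functions). Added example.
import io
import xml.etree.ElementTree as ET

XSL_NS = "http://www.w3.org/1999/XSL/Transform"
# Namespace URIs that bind a stylesheet to the host runtime. A content-supplied
# stylesheet has no legitimate use for any of them.
SCRIPT_NAMESPACES = {
    "urn:schemas-microsoft-com:xslt",  # msxsl:script inline C#/VB/JScript
    "http://saxon.sf.net/",            # Saxon extension elements and functions
}
REFLEXIVE_URI_PREFIXES = (
    "clitype:",  # Saxon on .NET: call any public CLR type by name
    "java:",     # Saxon on Java: call any JVM class by name
)

def is_dangerous_uri(uri):
    return uri in SCRIPT_NAMESPACES or uri.startswith(REFLEXIVE_URI_PREFIXES)

def audit_stylesheet(xslt_text):
    """Return a list of findings; an empty list means the stylesheet passed."""
    findings = []
    # start-ns events expose every xmlns declaration, which is where an
    # extension namespace must be bound before any element can use it.
    for event, payload in ET.iterparse(io.BytesIO(xslt_text.encode("utf-8")),
                                       events=("start-ns", "start")):
        if event == "start-ns":
            prefix, uri = payload
            if is_dangerous_uri(uri):
                findings.append(f"xmlns:{prefix}={uri!r} enables host code execution")
        elif payload.tag == "{urn:schemas-microsoft-com:xslt}script":
            findings.append("msxsl:script block present")
        elif payload.tag in (f"{{{XSL_NS}}}import", f"{{{XSL_NS}}}include"):
            # A pulled-in stylesheet would bypass this audit, so flag it too.
            findings.append(f"external stylesheet reference: {payload.get('href')}")
    return findings

# Constructed samples. The Saxon one only binds the reflexive-extension
# namespace; that binding alone is reason enough to reject the document.
CLEAN_XSLT = f"""<xsl:stylesheet version="1.0" xmlns:xsl="{XSL_NS}">
  <xsl:template match="/"><p><xsl:value-of select="//title"/></p></xsl:template>
</xsl:stylesheet>"""
SAXON_CLR_XSLT = f"""<xsl:stylesheet version="2.0" xmlns:xsl="{XSL_NS}"
    xmlns:env="clitype:System.Environment"><xsl:template match="/"/>
</xsl:stylesheet>"""
MSXSL_SCRIPT_XSLT = f"""<xsl:stylesheet version="1.0" xmlns:xsl="{XSL_NS}"
    xmlns:msxsl="urn:schemas-microsoft-com:xslt" xmlns:user="urn:example:user">
  <msxsl:script language="C#" implements-prefix="user"/>
</xsl:stylesheet>"""
```

Run `audit_stylesheet()` on each stylesheet before it reaches any transform call and refuse the request on a non-empty result; in Ektron's case the same gate belongs in front of the parser-selection switch, so the Saxon path is never reachable with unchecked input.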

Remediation

Upgrade to the latest version of EktronCMS. This problem was fixed in Security Update 3 (Releases 8.02 SP5 to 9.10 SP1).

References