Ektron 8.5 / 8.7 / 9.0 XSLT Transform Remote Code Execution
Posted by deepcore on March 4, 2017 – 10:33 pm
Ektron versions 8.5, 8.7 SP1 and below, and 9.0 before SP1 have vulnerabilities in various operations within the ServerControlWS.asmx web services. These vulnerabilities allow remote code execution without authentication, and the code executes in the context of IIS on the remote system.
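A defensive check that follows from the description above, as an added example that is not part of the original advisory: it scans IIS W3C extended logs for unauthenticated POSTs to ServerControlWS.asmx. Only the file name comes from the advisory; the function name, the sample log lines, the IP addresses and the /site/ path are constructed for illustration.

```python
import re

# Only the file name is taken from the advisory. The directory it lives in
# differs per install, so match the name anywhere in the URI stem.
ENDPOINT = re.compile(r"/ServerControlWS\.asmx(?:/|$)", re.IGNORECASE)

# Constructed sample in IIS W3C extended format (documentation-range IPs).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2017-03-04 22:31:07 GET /default.aspx - - 198.51.100.7 200
2017-03-04 22:31:09 POST /site/ServerControlWS.asmx - - 198.51.100.7 200
2017-03-04 22:32:40 POST /site/servercontrolws.asmx - editor 192.0.2.15 200
2017-03-04 22:33:02 GET /site/ServerControlWS.asmx WSDL - 203.0.113.9 200
""".splitlines()


def find_anonymous_calls(lines):
    """Return parsed records of unauthenticated POSTs to ServerControlWS.asmx.

    Each '#Fields:' directive is honoured, because the column order depends
    on how logging is configured for the site.
    """
    fields, hits = [], []
    for raw in lines:
        line = raw.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        rec = dict(zip(fields, line.split(" ")))
        # SOAP operations are sent as POST; GETs are typically WSDL or
        # help-page fetches, so they are skipped here (an assumption).
        if rec.get("cs-method", "").upper() != "POST":
            continue
        if not ENDPOINT.search(rec.get("cs-uri-stem", "")):
            continue
        # IIS writes "-" in cs-username when the request had no identity.
        if rec.get("cs-username", "-") != "-":
            continue
        hits.append(rec)
    return hits


if __name__ == "__main__":
    for rec in find_anonymous_calls(SAMPLE_LOG):
        print(rec["date"], rec["time"], rec["c-ip"], rec["cs-uri-stem"], rec["sc-status"])
```

A hit is not proof of exploitation; it marks requests worth correlating with patch level and with process or file activity on the IIS host.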