Released: October 26, 2012
Microsoft Vulnerability Research (MSVR) has announced an advisory with Ektron Web Content Management System (CMS). MSVR discovered the two vulnerabilities, CVE-2012-5357 and CVE 2012-5358), reported the issues to Ektron, and worked with their development team to ensure that the issues were resolved. The first vulnerability deals with improperly sanitized user data that could potentially result in the execution of arbitrary code. The second issue could allow an attacker to bypass authentication if properly exploited. Customers that have Ektron's CMS deployed are advised to review the advisory and apply the patches as soon as possible.