CVE-2012-5190 – Prizm Content Connect 5.1 contains an arbitrary... (How to Fix)

📋 TL;DR

Prizm Content Connect 5.1 contains an arbitrary file upload vulnerability that allows attackers to upload malicious files to the server. This affects all systems running the vulnerable version of this document viewing and conversion software. Successful exploitation can lead to complete system compromise.

💻 Affected Systems

Products:

Prizm Content Connect

Versions: Version 5.1

Operating Systems: Windows, Linux

Default Config Vulnerable: ⚠️ Yes

Notes: All installations of version 5.1 are vulnerable by default

📦 What is this software?

Prizm Content Connect by Accusoft

View all CVEs affecting Prizm Content Connect →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full system compromise, data theft, and lateral movement within the network

🟠

Likely Case

Webshell deployment allowing persistent access, data exfiltration, and further exploitation

🟢

If Mitigated

Limited impact if proper file upload validation and web application firewalls are in place

🌐 Internet-Facing: HIGH - Directly exploitable via web interface without authentication

🏢 Internal Only: HIGH - Even internal systems are vulnerable to authenticated or network-accessible attacks

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: CONFIRMED

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Simple HTTP POST requests with malicious file uploads can exploit this vulnerability

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 5.2 or later

Vendor Advisory: https://www.accusoft.com/support/security-advisories/

Restart Required: Yes

Instructions:

1. Download Prizm Content Connect version 5.2 or later from Accusoft
2. Backup current configuration and data
3. Install the updated version following vendor instructions
4. Restart the Prizm Content Connect service

🔧 Temporary Workarounds

File Upload Restriction

all

Implement strict file type validation and size limits on upload endpoints

Web Application Firewall Rules

all

Deploy WAF rules to block malicious file upload patterns

🧯 If You Can't Patch

Isolate the Prizm Content Connect server in a restricted network segment
Implement strict network access controls and monitor all file upload activity

🔍 How to Verify

Check if Vulnerable:

Check Prizm Content Connect version in administration panel or configuration files

Check Version:

Check web interface or configuration files for version information

Verify Fix Applied:

Verify version is 5.2 or later and test file upload functionality with malicious payloads

📡 Detection & Monitoring

Log Indicators:

Unusual file uploads to Prizm endpoints
Large or suspicious file types being uploaded
POST requests to file upload endpoints with unusual parameters

Network Indicators:

HTTP POST requests to upload endpoints with executable file extensions
Unusual outbound connections from Prizm server

SIEM Query:

source="prizm_logs" AND (event="file_upload" AND (file_extension="php" OR file_extension="jsp" OR file_extension="asp"))

📊 Metadata

CVE ID: CVE-2012-5190

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-434

Published: January 21, 2020

Last Updated: November 21, 2024

🔗 References

http://www.securityfocus.com/bid/57242 Third Party Advisory,VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/81163 VDB Entry
http://www.securityfocus.com/bid/57242 Third Party Advisory,VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/81163 VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2012-5190, you might also want to check these: