Let N = pq be an RSA modulus and e be a public exponent. Numerous attacks on RSA exploit the arithmetical properties of the key equation ed − k(p − 1)(q − 1) = 1. In this paper, we study the more general equation eu − (p − s)(q − r)v = w. We show that when the unknown integers u, v, w, r and s are suitably small and p − s or q − r is factorable using the Elliptic Curve Method for factorization ECM, then one can break the RSA system. As an application, we propose an attack on Demytko's elliptic curve cryptosystem. Our method is based on Coppersmith's technique for solving multivariate polynomial modular equations.