First published: Mon Dec 31 2001(Updated: )
ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to (1) child processes created with <CFEXECUTE> and (2) child processes that call the CreateProcess function and are executed with <CFOBJECT> or end with the CFX extension, which allows attackers to execute programs with the permissions of the System account.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Macromedia ColdFusion | =4.5 | |
Macromedia ColdFusion | =5.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.