• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Macromedia ColdFusion MX CreateObject And CFOBJECT Java Extensibility Weakness

It is reported that ColdFusion MX contains a weakness that allows all developers to utilize the CFOBJECT tag and the CreateObject function to execute potentially malicious code in the context of the affected application server.

This weakness allows malicious developers to execute code that is not appropriate for a shared server environment, or to perform administrative actions in the context of the affected application server. Malicious developers may possibly exploit this weakness to aid them in further application or system attacks.

Versions 6.0 and 6.1 of Macromedia ColdFusion MX are reported to be affected by this weakness.