Accessibility

Security bulletin

Security update: Hotfix available for ColdFusion 10 and earlier

Release date: December 11, 2012

Vulnerability identifier: APSB12-26

Priority: 2

CVE number: CVE 2012-5675

Platform: All Platforms

Summary

Adobe has released a security hotfix for ColdFusion 10 and earlier versions for Windows, Macintosh and UNIX. This hotfix resolves a vulnerability which could result in a sandbox permissions violation in a shared hosting environment. Adobe recommends users update their product installation using the instructions provided in the "Solution" section below.

Affected software versions

ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX

Solution

Adobe recommends ColdFusion customers update their installation using the instructions provided in the technote:
http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb12-26.html.

Severity rating

Adobe categorizes this hotfix with the following priority rating and recommends users update their installation to the newest version:

Product

Platform

Priority Rating

ColdFusion 10, 9.0.2, 9.0.1, 9.0

Windows, Macintosh and UNIX

2

 

This hotfix addresses an important vulnerability in the software.

Details

Adobe has released a security hotfix for ColdFusion 10 and earlier versions for Windows, Macintosh and UNIX. This hotfix resolves a vulnerability which could result in a sandbox permissions violation in a shared hosting environment. Adobe recommends users update their product installation using the instructions provided in the "Solution" section above.

This hotfix resolves a vulnerability which could result in a sandbox permissions violation in a shared hosting environment (CVE-2012-5675).

Acknowledgments

Adobe would like to thank David Boyer (CVE-2012-5675) for reporting the relevant issue and for working with Adobe to help protect our customers.

Revisions

December 11, 2012 - Fixed typo in CVE number