ColdFusion 4.5 includes Sandbox Security, which restricts applications to secure Server Sandboxes in order to control application access to directories, components, databases, or other resources on the server. CFEXECUTE is a tag that calls a requested program and waits for the output. The CFOBJECT tag allows you to call methods in COM and CORBA objects. Processes created by CFEXECUTE or CFOBJECT use the Windows CreateProcess() function. A vulnerability exists in ColdFusion which could allow arbitrary programs to inherit ColdFusion's SYSTEM privileges, rather than the security context of Sandbox Security.
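An audit helper for the two tags named above, added here as an example and not part of the original advisory or any vendor tooling: it lists every CFEXECUTE and CFOBJECT tag in a CFML template, skipping commented-out code, so each process-spawning call can be reviewed. The function name `find_risky_tags` and the sample template are assumptions of this example.

```python
import re

# CFML comments use three dashes: <!--- ... --->
CFML_COMMENT = re.compile(r"<!---.*?--->", re.DOTALL)
# Opening tags the advisory names as creating processes via CreateProcess().
RISKY_TAG = re.compile(r"<(cfexecute|cfobject)\b([^>]*)>", re.IGNORECASE)
# name="value", name='value' or name=value
ATTR = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))""")


def _blank(match):
    # Replace a comment with spaces but keep newlines so line numbers stay correct.
    return re.sub(r"[^\n]", " ", match.group(0))


def find_risky_tags(source):
    """Return one finding per CFEXECUTE/CFOBJECT tag outside CFML comments."""
    text = CFML_COMMENT.sub(_blank, source)
    findings = []
    for m in RISKY_TAG.finditer(text):
        attrs = {}
        for a in ATTR.finditer(m.group(2)):
            # Exactly one of the three value groups matched (double, single, bare).
            value = next(v for v in a.groups()[1:] if v is not None)
            attrs[a.group(1).lower()] = value
        findings.append({
            "line": text.count("\n", 0, m.start()) + 1,
            "tag": m.group(1).lower(),
            "attrs": attrs,
        })
    return findings


# Constructed sample template, not taken from any real application.
SAMPLE = """<cfset x = 1>
<!--- <cfexecute name="old.exe"></cfexecute> --->
<CFEXECUTE name="C:\\tools\\report.exe"
           arguments="-q" timeout="10"></CFEXECUTE>
<cfobject type="COM" action="create" class="Example.Component" name="obj">
<cfoutput>#x#</cfoutput>
"""

if __name__ == "__main__":
    for f in find_risky_tags(SAMPLE):
        print(f["line"], f["tag"], f["attrs"])
```

Each finding is a candidate for review: the program or component it names runs outside the sandbox's security context on an affected server.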