Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1514

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2001-1514
Last Modified 05 Sep 2008 04:26:44
Published 31 Dec 2001 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-1514

Summary

ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to (1) child processes created with and (2) child processes that call the CreateProcess function and are executed with or end with the CFX extension, which allows attackers to execute programs with the permissions of the System account.

Vulnerable Systems

Application

  • Macromedia Coldfusion 4.5

  • Macromedia Coldfusion 5.0


References

CONFIRM - http://www.macromedia.com/v1/Handlers/index.cfm?ID=22263


Last Updated: 27 May 2016 10:36:42