Security flaws identified in ColdFusion

Feb 14, 2007 10:00 GMT

Adobe is a company that is usually identified through its best-known product, Adobe Reader, which lets users view PDF files, one of the most widely used formats of our time. As you may know, PDF support was the subject of an interesting dispute between Microsoft, the well-known software producer, and Adobe, because the software giant wanted to include PDF support in the latest version of its Office suite. Although Adobe is a very popular company, it is also one of the most vulnerable companies on the Internet, since security researchers have identified a large number of security flaws in its products.

Today it is ColdFusion's turn: the product appears to contain two vulnerabilities that could allow an attacker to conduct cross-site scripting attacks and execute malicious commands. Security company Secunia rated the flaws as less critical but maintained that users must install the patches provided by Adobe. The only versions affected are Adobe ColdFusion MX 7.x and Macromedia ColdFusion MX 6.x, both supplied by the well-known company Adobe.

Adobe also published two security advisories confirming the vulnerabilities discovered in the application, together with the patches that must be installed to avoid being exploited by attackers.

"A vulnerability in ColdFusion's default error page could allow an attacker to bypass ColdFusion's cross-site scripting protection. A specially crafted request sent to the ColdFusion server could result in the attacker being able to conduct cross-site scripting attacks. A specially crafted URL could be used to create a cross-site scripting attack on ColdFusion when Global Script Protection is not enabled," the two security advisories released by the company state.
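The advisory text above describes the classic shape of a reflected cross-site scripting flaw: an error page echoes part of the request back to the browser without encoding it. The following Python example, added here and not taken from Adobe's advisories or from ColdFusion's own code, shows a minimal error-page renderer in its vulnerable form beside a hardened form that HTML-encodes the reflected value, plus a small check a defender can use to confirm that markup from the request no longer reaches the page unescaped. The function names, the sample request path and the page template are all constructed for illustration.

```python
import html

# Constructed sample request: a missing page whose query string carries markup.
# The harmless <i> tag stands in for any markup an attacker might try to reflect.
SAMPLE_PATH = "/missing.cfm?x=<i>probe</i>"


def render_error_page_unsafe(requested_path: str) -> str:
    """Vulnerable renderer: reflects the requested path verbatim into HTML.

    This mirrors the defect class described in the advisory: whatever the
    client put in the URL ends up in the document as live markup.
    """
    return (
        "<html><body><h1>Page not found</h1>"
        f"<p>The page {requested_path} could not be found.</p>"
        "</body></html>"
    )


def render_error_page_safe(requested_path: str) -> str:
    """Hardened renderer: HTML-encodes the reflected value.

    html.escape turns <, >, &, " and ' into entities, so the browser
    displays the text instead of parsing it as tags or attributes.
    Output encoding at the point of reflection is the fix that does not
    depend on a request-filtering feature being switched on.
    """
    safe_path = html.escape(requested_path, quote=True)
    return (
        "<html><body><h1>Page not found</h1>"
        f"<p>The page {safe_path} could not be found.</p>"
        "</body></html>"
    )


def reflects_unescaped_markup(page: str, probe: str) -> bool:
    """Defender's check: does the probe markup appear in the page verbatim?

    True means the input was reflected without encoding and the page is
    exposed to reflected XSS; False means it was encoded (or dropped).
    """
    return probe in page


if __name__ == "__main__":
    probe = "<i>probe</i>"
    for name, renderer in (("unsafe", render_error_page_unsafe),
                           ("safe", render_error_page_safe)):
        page = renderer(SAMPLE_PATH)
        status = "REFLECTS MARKUP" if reflects_unescaped_markup(page, probe) else "encoded"
        print(f"{name:6s}: {status}")
```

Running the block prints one line per renderer: the unsafe one reflects the markup, the safe one reports it as encoded. The same check, fed a site's real error page, is a cheap regression test to keep in place after applying a vendor patch such as the one Adobe released.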