Vulnerabilities > CVE-2001-1514 - Unspecified vulnerability in Macromedia Coldfusion 4.5/5.0

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

macromedia

NVD

Published: 2001-12-31

Updated: 2008-09-05

Summary

ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to (1) child processes created with <CFEXECUTE> and (2) child processes that call the CreateProcess function and are executed with <CFOBJECT> or end with the CFX extension, which allows attackers to execute programs with the permissions of the System account.

Vulnerable Configurations

Part	Description	Count
Application	Macromedia Macromedia Coldfusion 4.5 Macromedia Coldfusion 5.0	2

References

http://www.macromedia.com/v1/Handlers/index.cfm?ID=22263