Vulnerabilities > CVE-2004-2204 - Unspecified vulnerability in Macromedia Coldfusion 6.0/6.1

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

macromedia

NVD

Published: 2004-12-31

Updated: 2017-07-11

Summary

Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT.

Vulnerable Configurations

Part	Description	Count
Application	Macromedia Macromedia Coldfusion 6.0 Macromedia Coldfusion 6.1	2

References

http://secunia.com/advisories/12693
http://www.macromedia.com/devnet/security/security_zone/mpsb04-10.html
http://www.osvdb.org/10718
http://www.securityfocus.com/archive/1/377213
http://www.securityfocus.com/bid/11364
https://exchange.xforce.ibmcloud.com/vulnerabilities/17567