In association with heise online

11 October 2006, 13:49

Adobe eliminates vulnerabilities in several products

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Adobe has released updates to close holes in several of its products. These include a flaw in ColdFusion through which users with restricted privileges could execute code with system rights. Adobe claims the problem is caused by several "input validation errors", most likely causing buffer overflows, in a third-party client for the Verity Library software library that comes included with the software. ColdFusion MX 7, ColdFusion MX 7.0.1 and ColdFusion MX 7.0.2 on Windows, Linux and Solaris are all affected. As an alternative to the patch, Adobe recommends simply deactivating the library.

Another update removes a vulnerability in Breeze 5.0 Licensed Server and Breeze 5.1 Licensed Server through which users could spy on arbitrary files on drives where Breeze is installed. Finally, another patch for the Contribute Publishing Server ensures that the administrator password no longer appears in the logs during installation and hence cannot be spied upon.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit