ColdFusion is Adobe’s platform and application server used by developers to build Web applications.
The security hotfix is for ColdFusion 10 Update 1 and above for the Windows operating system. A denial-of-service vulnerability was discovered affecting ColdFusion on Windows Internet Information Services (IIS), the Microsoft Web server.
Users are urged to update to ColdFusion 10 Update 5. Adobe credits Brian Cassell, an IT manager at Compass Group North America for reporting the issue.
Earlier this month, a Russian security company reported the discovery of a vulnerability and exploit in circulation in the underground for Adobe Reader. The exploit, according to Group-IB, bypasses Adobe’s sandbox protection, and is selling for upwards of $50,000. Attackers were using malformed PDF documents with specially crafted forms to get shellcode on compromised machines.
Adobe recently upgraded Reader XI and Acrobat XI with better sandbox functionality including ASLR. Sandbox protection processes untrusted content before it’s exposed to the underlying system.