ColdFusion patchAdobe’s second set of security updates coinciding with Microsoft’s monthly patch releases were made available today. The two bulletins include patches for vulnerabilities in Adobe Flash Player and Adobe ColdFusion.

The Flash vulnerabilities for Windows are rated most severe by Adobe and successful exploits could result in crashes, or an attacker being able to remotely execute code.

The three updates fix a buffer overflow vulnerability, integer overflow vulnerability and a memory corruption vulnerability, all three of which could lead to code execution, Adobe said.

The updates are for Adobe Flash Player 11.5.502.110 and earlier versions for Windows and Macintosh, Adobe Flash Player and earlier versions for Linux, Adobe Flash Player and earlier versions for Android 4.x, and Adobe Flash Player and earlier versions for Android 3.x and 2.x, the company said.

Adobe added there are no active exploits in the wild for any of these flaws.

The security hotfix for ColdFusion 10, meanwhile, takes care of a sandbox permissions violation in a shared hosting environment, Adobe said in its advisory. ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX, are vulnerable.

Less than a month ago, Adobe issued an out-of-band patch for ColdFusion that patched a denial-of-service vulnerability for the platform running on Microsoft’s IIS Web server.



Categories: Vulnerabilities