CVE Vulnerabilities

CVE-2001-1514

Published: Dec 31, 2001 | Modified: Sep 05, 2008
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
10 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to operating system, does not properly pass security context to (1) child processes created with and (2) child processes that call the CreateProcess function and are executed with or end with the CFX extension, which allows attackers to execute programs with the permissions of the System account.

Affected Software

Name Vendor Start Version End Version
Coldfusion Macromedia 4.5 4.5
Coldfusion Macromedia 5.0 5.0

References