Adobe plugs vulnerabilities for Form Designer, ColdFusion, Reader

Adobe this week issued security bulletins and patches for products ranging from ColdFusion to Form Designer.

In Adobe's security bulletin the company outlined the following in order of importance:

  • CVE-2007-6253: Adobe says "critical vulnerabilities have been identified in Form Designer 5.0 and Form Client 5.0 that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. A malicious html file must be loaded in the web browser by the end user for an attacker to exploit these vulnerabilities." The issue is critical and Adobe has issued a patch.
  • CVE-2008-0643, CVE-2008-0644: Cross-site scripting issue with ColdFusion 8 and ColdFusion MX 7. Adobe deems the flaw important and recommends that customers install a hotfix for ColdFusion 8. MX 7 customers should update their installation following Adobe's knowledge base instructions.
  • CVE-2008-1203: A design error in ColdFusion 8 and MX 7 could "make it more likely that an attacker could attempt to log in to the admin interface undetected since failed log-in attempts were not previously logged." The issue is moderate and Adobe has directions to fix it in its advisory.
  • CVE-2008-0883: A privilege escalation issue in Adobe Reader 8.1.2 for Unix. The launcher script for Adobe Reader 8.1.2 for Unix could "potentially allow a malicious local user to escalate their privileges and potentially modify or delete arbitrary files." The flaw is not remotely exploitable and Adobe categorizes the issue as moderate.

Topics: Software Development, Enterprise Software, Security

About

Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic. He was most recently Executive Editor of News and Blogs at ZDNet. Prior to that he was executive news editor at eWeek and news editor at Baseline. He also served as the East Coast news editor and finance editor at CN...
