Adobe this week issued security bulletins and patches for products ranging from ColdFusion to Form Designer.
In Adobe's security bulletin, the company outlined the following in order of importance:
- CVE-2007-6253: Adobe says "critical vulnerabilities have been identified in Form Designer 5.0 and Form Client 5.0 that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. A malicious html file must be loaded in the web browser by the end user for an attacker to exploit these vulnerabilities." The issue is critical and Adobe has issued a patch.
- CVE-2008-0643, CVE-2008-0644: Cross-site scripting issue with ColdFusion 8 and ColdFusion MX 7. The flaw is deemed important by Adobe, and it recommends customers install a hotfix for ColdFusion 8. MX 7 customers should update the installation following these knowledge base instructions.
- CVE-2008-1203: A design error in ColdFusion 8 and MX 7 could "make it more likely that an attacker could attempt to log in to the admin interface undetected since failed log-in attempts were not previously logged." The issue is moderate and Adobe has directions to fix it in its advisory.
- CVE-2008-0883: A privilege escalation issue in Adobe Reader 8.1.2 for Unix. The launcher script for Adobe Reader 8.1.2 for Unix could "potentially allow a malicious local user to escalate their privileges and potentially modify or delete arbitrary files." The flaw is not remotely exploitable and Adobe categorizes the issue as moderate.