CVE-2001-1514

Опубликовано: 31 дек. 2001

Источник: nvd

CVSS2: 10

EPSS Низкий

Описание

ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to (1) child processes created with and (2) child processes that call the CreateProcess function and are executed with or end with the CFX extension, which allows attackers to execute programs with the permissions of the System account.

Ссылки

http://www.macromedia.com/v1/Handlers/index.cfm?ID=22263
Vendor Advisory
http://www.macromedia.com/v1/Handlers/index.cfm?ID=22263
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:macromedia:coldfusion:4.5:*:*:*:*:*:*:*

cpe:2.3:a:macromedia:coldfusion:5.0:*:*:*:*:*:*:*

EPSS

Процентиль: 23%

0.00079

Низкий

10 Critical

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-p2rr-gcf8-2w6g

github

почти 4 года назад

ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to (1) child processes created with <CFEXECUTE> and (2) child processes that call the CreateProcess function and are executed with <CFOBJECT> or end with the CFX extension, which allows attackers to execute programs with the permissions of the System account.