These functions, Golunski said, are used by web applications built in ColdFusion to open Word, Excel, PowerPoint and other document types that use XML structure. Golunski said that ColdFusion 10 and 11 suffered from an XML External Entities (XXE) injection vulnerability, CVE-2016-4264, when processing certain types of Office Open XML documents. Researcher Dawid Golunski of Legal Hackers today revealed details on the flaw, which he privately disclosed to Adobe, as well as a proof-of-concept of the exploit. An Adobe ColdFusion vulnerability addressed Tuesday in a hotfix pushed to users put applications developed on the platform at risk to a number of serious issues.
0 kommentar(er)
