Adobe has issued security hotfix for two critical vulnerabilities in ColdFusion web application server. They have also issued security update for the Adobe Flash player.
The cross site scripting(XSS) vulnerability (CVE-2013-5326) could be exploited by a remote, authenticated user on ColdFusion 10 and earlier versions when the CFIDE directory is exposed.
The other vulnerability in ColdFusion is "unauthorized remote access(CVE-2013-5328)"- marked as critical security flaw.
Adobe Flash Player 11.9.900.117 and earlier versions are vulnerable to a critical bug that "could cause a crash and potentially allow an attacker to take control of the affected system".
Users are recommended to follow the instruction provided in these pages: 1.http://www.adobe.com/support/security/bulletins/apsb13-27.html , 2.http://www.adobe.com/support/security/bulletins/apsb13-26.html
The cross site scripting(XSS) vulnerability (CVE-2013-5326) could be exploited by a remote, authenticated user on ColdFusion 10 and earlier versions when the CFIDE directory is exposed.
The other vulnerability in ColdFusion is "unauthorized remote access(CVE-2013-5328)"- marked as critical security flaw.
Adobe Flash Player 11.9.900.117 and earlier versions are vulnerable to a critical bug that "could cause a crash and potentially allow an attacker to take control of the affected system".
Users are recommended to follow the instruction provided in these pages: 1.http://www.adobe.com/support/security/bulletins/apsb13-27.html , 2.http://www.adobe.com/support/security/bulletins/apsb13-26.html