CVE-2001-1514

Published: Dec 31, 2001Modified: Apr 16, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to (1) child processes created with <CFEXECUTE> and (2) child processes that call the CreateProcess function and are executed with <CFOBJECT> or end with the CFX extension, which allows attackers to execute programs with the permissions of the System account.

Affected (2)

Products: Macromedia: Coldfusion

Macromedia

1 product

Coldfusion

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Macromedia Coldfusion	Version 4.5
Macromedia Coldfusion	Version 5.0

References (2)

http://www.macromedia.com/v1/Handlers/index.cfm?ID=22263

Source: cve@mitre.org

Vendor Advisory

http://www.macromedia.com/v1/Handlers/index.cfm?ID=22263

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.