Adobe Releases Security Update for ColdFusion

Adobe has released a security hotfix for ColdFusion 10, 9.0.2, 9.0.1, and 9.0 for Windows, Macintosh, and UNIX. This hotfix addresses a vulnerability (CVE-2013-1389) that could allow a remote attacker to execute arbitrary code and a vulnerability (CVE-2013-3336) that could permit an unauthorized user to remotely retrieve files stored on the server. There are reports that this vulnerability is being exploited in the wild.

US-CERT recommends that users and administrators review Adobe Security Advisory APSA13-03 and Adobe Security Bulletin APSB13-13 and follow best-practice security policies to determine if their organization is affected and the appropriate response.