-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Reference: CERT-EU Security Advisory 2012-0143

Title:  Adobe Hotfix available for ColdFusion 10 and earlier [1]

Version history:
12.12.2012 Initial publication

Summary
=======
Adobe has released a security hotfix for ColdFusion 10 and earlier versions for Windows, Macintosh and UNIX. This hotfix resolves a vulnerability which could result in a sandbox permissions violation in a shared hosting environment. Adobe recommends users update their product installation using the instructions provided below.

This hotfix addresses an important vulnerability in the software. 

CVE number: CVE 2012-5675 [2]

Vulnerable systems
==================
* ColdFusion 10, 9.0.2, 9.0.1, 9.0  Windows, Macintosh and UNIX

What can you do?
================
Adobe recommends ColdFusion customers update their installation using the instructions provided in the technote [3].


What to tell your users?
========================
Normal security best practices apply. Especially, inform your Web users to be cautious about following links to sites that are provided by unfamiliar or  suspicious sources. Users are to be aware not to click on the link in suspicious emails; to immediately forward the suspicious email to the respective IT security officer / contact in your institution.

More information
================
[1] http://www.adobe.com/support/security/bulletins/apsb12-26.html
[2] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5675
[3] http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb12-26.html

Best regards,
CERT-EU
CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement:
http://cert.europa.eu/cert/plainedition/en/cert_privacy.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBAgAGBQJQyKP1AAoJEPpzpNLI8SVoa+cQAJY2iwW3+ZTGvVswc47liCmY
krtlXdPVUpiB5qWrV+wQv4V/oig9DWgJTKfcjAI5LajvWfrEESZyULVOxZRN3umW
oWR4uK9VWmD3pTQ15YwEMrpjB6pwacKhcnFsxqlTk4TSnr656y2xbqWkLZ5Hebzy
NfR+cJpHDF+kSyGHaqQ5Cdxn5dLDeCTJgtgxwWi93+lbWG2XDTs8oGkZ1T9leY07
8gjGEYt5C6q8GE49tRmaQKzW7uhTtPmfu3n5KMDiuW2FQNWdRfFZKL9/EQFIGYlL
EvSeBCF+2CyW/ry0Tf/Q5KqhWqGLASvP/FWULT4RSlrypo8aswJ1kOq8v0D2DOBm
V38qJ3dsQqKb/nkHtaS0Q4SCFYQ4C1R9BsreoMnuIhRn5JEeGaStDtq/stMdG9HA
x+WQTmS9lMit12ddKy0Kym1kHd4F4kuLmsMKw0cTMjxXONcCrgGfWNSyGBcnVXLc
RnM85N+s2r8o/RLsA26v/yW0ItA5vxhzPYGGDBEzIhwt4zEOpsDpGANFAxqyfx69
7tlixjJWOVEGeKZtX6lP78xB2jrQ25aWDPf1ymOvUFlzBBIMxfooEcYI8UzXfXkE
h/SU4fwvf9E0qR4AfzaGF/RMS0a7PV+ChCq6ORHSfAuiYbbPGkiMFI3oFNKq0wlu
ULNIolueuM6LWvL46irG
=qmIT
-----END PGP SIGNATURE-----