======================================================================
                            CERT-Renater

                 Information Note No. 2012/VULN479
______________________________________________________________________

DATE                 : 12/12/2012

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running ColdFusion versions 10, 9.0.2,
                       9.0.1, 9.0.

======================================================================
http://www.adobe.com/support/security/bulletins/apsb12-26.html
______________________________________________________________________

Security update: Hotfix available for ColdFusion 10 and earlier

Release date: December 11, 2012

Vulnerability identifier: APSB12-26

Priority: 2

CVE number: CVE-2012-5675

Platform: All Platforms

SUMMARY

Adobe has released a security hotfix for ColdFusion 10 and earlier
versions for Windows, Macintosh and UNIX. This hotfix resolves a
vulnerability which could result in a sandbox permissions violation in
a shared hosting environment.

Adobe recommends users update their product installation using the
instructions provided in the "Solution" section below.

AFFECTED SOFTWARE VERSIONS

ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX

SOLUTION

Adobe recommends ColdFusion customers update their installation using
the instructions provided in the technote:
http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb12-26.html

SEVERITY RATING

Adobe categorizes this hotfix with the following priority rating and
recommends users update their installation to the newest version:

Product                            Platform                 Priority
                                                            Rating
ColdFusion 10, 9.0.2, 9.0.1, 9.0   Windows, Macintosh and   2
                                   UNIX

This hotfix addresses an important vulnerability in the software.

DETAILS

Adobe has released a security hotfix for ColdFusion 10 and earlier
versions for Windows, Macintosh and UNIX. This hotfix resolves a
vulnerability which could result in a sandbox permissions violation in
a shared hosting environment.

Adobe recommends users update their product installation using the
instructions provided in the "Solution" section above.

This hotfix resolves a vulnerability which could result in a sandbox
permissions violation in a shared hosting environment (CVE-2012-5675).

ACKNOWLEDGMENTS

Adobe would like to thank David Boyer (CVE-2012-5675) for reporting
the relevant issue and for working with Adobe to help protect our
customers.

REVISIONS

December 11, 2012 - Fixed typo in CVE number

======================================================================

=========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
=========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44          +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================