Rule General Information |
---|
Release Date: | 2016-10-21 | |
Rule Name: | Adobe Coldfusion OOXML XXE Information Disclosure Vulnerability (CVE-2016-4264) | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | The Office Open XML (OOXML) feature in Adobe ColdFusion 10 before Update 21 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via a crafted OOXML spreadsheet containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |
Impact: | An attacker can obtain sensitive information from the targeted victim and use that information to carry out malicious actions for profit. | |
Affected OS: | Windows, Other Unix, Linux | |
Reference: | http://legalhackers.com/advisories/Adobe-ColdFusion-11-XXE-Exploit-CVE-2016-4264.txt; SecurityFocus BID: 92684; Adobe Security Bulletin: apsb16-30; http://www.securityfocus.com/archive/1/539374/100/0/threaded |
|
Solutions |
---|
Adobe has issued a fix on its official website. For more information, see the advisory at https://helpx.adobe.com/security/products/coldfusion/apsb16-30.html |