|
|
|||
| Rule General Information |
|---|
| Release Date: | 2016-10-21 | |
| Rule Name: | Adobe Coldfusion OOXML XXE Information Disclosure Vulnerability (CVE-2016-4264) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | The Office Open XML (OOXML) feature in Adobe ColdFusion 10 before Update 21 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via a crafted OOXML spreadsheet containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |
| Impact: | An attacker can abtain sensitive information of the target victim, and do malicious actions to gain profits using the information. | |
| Affected OS: | Windows, Other Unix, Linux | |
| Reference: | http://legalhackers.com/advisories/Adobe-ColdFusion-11-XXE-Exploit-CVE-2016-4264.txt SecurityFocusBID:92684 AdobeSecurityBulletins:apsb16-30 http://www.securityfocus.com/archive/1/539374/100/0/threaded |
|
| Solutions |
|---|
| Adobe has issued a fix on the official website. For more advisory, please visit https://helpx.adobe.com/security/products/coldfusion/apsb16-30.html |