CVE-2022-35711

Adobe ColdFusion ODBC Server Heap-based Buffer Overflow Remote Code Execution Vulnerability

CVSS 9.8 CRITICAL · EPSS 73.5% · CWE-122
In short

Adobe ColdFusion contains a heap memory-corruption flaw in its ODBC server component: an attacker who can reach the service over the network can send a specially crafted packet that overflows a heap buffer and crash the service or execute arbitrary code, with no user interaction. It is rated critical because it is reachable remotely, requires no authentication, and needs no action from a victim.

Technical detail

A heap-based buffer overflow (CWE-122) in the ODBC server component of Adobe ColdFusion allows remote code execution when a malicious network packet is received by the affected system. The attack vector is network-based and requires neither authentication nor user interaction; the overflow is triggered on receipt of the crafted packet, and a successful exploit yields code execution with the privileges of the ColdFusion process (the CVSS vector rates confidentiality, integrity and availability impact as High). Practitioners should apply the vendor update that addresses this CVE and, until it is applied, restrict network access to the ColdFusion ODBC services so that only trusted hosts can reach them; compare the installed update level against the affected versions given in the official description below.
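The general bug class behind this advisory is a packet parser that trusts a length field from the wire when copying into a fixed-size heap object. The following is an added illustration of that pattern and its fix; it is not ColdFusion's code and does not reproduce the ODBC server's protocol (the two-byte length-prefixed wire format, the `struct request` type and the `MAX_PAYLOAD` limit are assumptions made for this example). The vulnerable parser is kept only for contrast and is never run on the crafted packet; the hardened parser rejects any packet whose declared length exceeds either the bytes actually received or the destination buffer.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed wire format for this example (not the real ColdFusion ODBC
 * protocol): a 2-byte big-endian payload length followed by the payload. */
#define MAX_PAYLOAD 64

struct request {
    size_t len;
    unsigned char payload[MAX_PAYLOAD];
};

static uint16_t read_be16(const unsigned char *p) {
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* VULNERABLE (CWE-122): the declared length is trusted and used as the copy
 * size into a fixed-size heap allocation. A header claiming more than
 * MAX_PAYLOAD bytes writes past the end of req->payload. Shown for contrast
 * only; do not call it on untrusted input. */
struct request *parse_request_vulnerable(const unsigned char *pkt, size_t pkt_len) {
    if (pkt_len < 2) return NULL;
    struct request *req = malloc(sizeof *req);
    if (!req) return NULL;
    req->len = read_be16(pkt);
    memcpy(req->payload, pkt + 2, req->len);   /* no bound check */
    return req;
}

/* HARDENED: validate the declared length against both the bytes actually
 * received and the capacity of the destination before any copy happens. */
struct request *parse_request_hardened(const unsigned char *pkt, size_t pkt_len) {
    if (pkt == NULL || pkt_len < 2) return NULL;
    size_t declared = read_be16(pkt);
    if (declared > pkt_len - 2) return NULL;   /* header lies about body size */
    if (declared > MAX_PAYLOAD) return NULL;   /* would overflow payload[]   */
    struct request *req = calloc(1, sizeof *req);
    if (!req) return NULL;
    req->len = declared;
    memcpy(req->payload, pkt + 2, declared);
    return req;
}

/* Constructed sample packets (not captured traffic). */
static const unsigned char GOOD_PKT[] = { 0x00, 0x05, 'h', 'e', 'l', 'l', 'o' };
/* Header claims 0x0200 = 512 bytes of payload, but only 4 bytes follow. */
static const unsigned char CRAFTED_PKT[] = { 0x02, 0x00, 'A', 'A', 'A', 'A' };

/* Returns 1 if the hardened parser accepts the well-formed packet intact. */
int hardened_accepts_good(void) {
    struct request *r = parse_request_hardened(GOOD_PKT, sizeof GOOD_PKT);
    int ok = r != NULL && r->len == 5 && memcmp(r->payload, "hello", 5) == 0;
    free(r);
    return ok;
}

/* Returns 1 if the hardened parser rejects the lying header. */
int hardened_rejects_crafted(void) {
    return parse_request_hardened(CRAFTED_PKT, sizeof CRAFTED_PKT) == NULL;
}

/* Header and body agree (100 bytes) but exceed MAX_PAYLOAD: must be rejected. */
int hardened_rejects_oversized(void) {
    unsigned char big[2 + 100];
    big[0] = 0x00;
    big[1] = 100;
    memset(big + 2, 'B', 100);
    return parse_request_hardened(big, sizeof big) == NULL;
}

int main(void) {
    printf("good accepted: %d, crafted rejected: %d, oversized rejected: %d\n",
           hardened_accepts_good(), hardened_rejects_crafted(),
           hardened_rejects_oversized());
    return 0;
}
```

Two checks are needed, not one: a length larger than the received bytes causes an out-of-bounds read of the source, and a length larger than the destination causes the heap write that this CVE class is about. Checking only against `pkt_len` (as many parsers do) still leaves the second overflow.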

The summary above was generated and translated by AI from the official description, which reads:
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction; the vulnerability is triggered when a crafted network packet is sent to the server.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Adobe · ColdFusion
