PT-2001-2599 · Adobe · Coldfusion

Published 2001-12-31 · Updated 2008-09-05 · CVE-2001-1514

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

ColdFusion versions 4.5 and 5

Description

The issue arises when ColdFusion is running on Windows with the advanced security sandbox type set to "operating system". It fails to properly pass the security context to child processes created with CFEXECUTE and to child processes that call the CreateProcess function and are executed with CFOBJECT or end with the CFX extension. This allows attackers to execute programs with the permissions of the System account.

Recommendations

For ColdFusion versions 4.5 and 5, consider restricting the use of CFEXECUTE and CFOBJECT until a proper fix is applied to ensure that child processes are executed with the correct security context. Additionally, limit the execution of files with the CFX extension to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2001-1514

Affected Products

Coldfusion