CVE-2005-4344

Name of the Vulnerable Software and Affected Versions Adobe ColdFusion MX version 7.0

Description The issue concerns a configuration setting where the CFOBJECT /CreateObject(Java) setting is not honored when disabled. This allows local users to create an object despite the specified configuration, potentially leading to unauthorized actions.

Recommendations For Adobe ColdFusion MX version 7.0, consider disabling the CreateObject(Java) function until a proper configuration setting is implemented to honor the disabled state of CFOBJECT. Restrict access to the CFOBJECT setting to minimize the risk of exploitation.