Adobe Releases Hotfix for FCKEditor Security Issue

Adobe has just released the hotfix for the FCKEditor security issue. You can read about and download the hotfix directly from Adobe.

A summary of the potential exploit taken from the Adobe security bulletin:

A vulnerability in FCKEditor, which is included as part of ColdFusion 8, could allow a remote attacker to upload files in arbitrary directories which could lead to a system compromise. This hotfix updates the version of FCKEditor included with ColdFusion 8, turns off file upload capabilities by default, restricts access to cfm files in the FCKeditor\editor\filemanager directory, and limits file upload capabilities to users with valid sessions. This issue is remotely exploitable. There are reports that this issue is being exploited in the wild.
