* BUFFER OVERFLOW IN MACROMEDIA'S COLDFUSION AND JRUN A buffer overflow vulnerability exists in Macromedia's ColdFusion 6.0 and JRun 4.0 that might enable a potential attacker to execute arbitrary code in the SYSTEM context of the vulnerable system. This vulnerability stems from various heap overflows in the Microsoft IIS Internet Server API (ISAPI) handlers when handling Uniform Resource Identifier (URI) filenames. If an attacker supplies a filename of more than 4096 bytes in size, the name can overwrite heap memory. To gain control of the remote IIS process with SYSTEM-level access, an attacker can overwrite various structures in the process heap. Macromedia has released patches for both the ColdFusion and JRun products. For more details about this vulnerability, see the following URL. http://www.secadministrator.com/articles/index.cfm?articleid=27285
______________________________________________________________________ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm ------------------------------------------------------------------------------ To unsubscribe, send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body or visit the list page at www.houseoffusion.com
