US-CERT Current Activity – FCKeditor Releases Version 2.6.4.1
The following alert is from US-CERT:
US-CERT Current Activity
FCKeditor Releases Version 2.6.4.1
Original release date: July 6, 2009 at 12:37 pm. Last revised: July 9, 2009 at 11:39 am.
The FCKeditor project has released FCKeditor version 2.6.4.1 to address a vulnerability. The vulnerability is due to improper verification of input passed to the "CurrentFolder" parameter, the parameter through which FCKeditor's file-manager connectors receive the target directory for file and folder operations.
Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on the affected server.
Additionally, FCKeditor is part of Adobe ColdFusion 8 and is enabled by default. The Adobe Product Security Incident Response Team (PSIRT) has posted a blog entry indicating that they are aware of public reports of ColdFusion websites being targeted for exploitation of this vulnerability.
US-CERT encourages users and administrators to upgrade to FCKeditor version 2.6.4.1 to help mitigate the risks. ColdFusion 8 users should review Adobe security bulletin APSB09-09 and apply the hotfix to help mitigate the risks.
Relevant URL(s):
<http://www.fckeditor.net/download>
<http://blogs.adobe.com/psirt/2009/07/potential_coldfusion_security.html>
<http://www.adobe.com/support/security/bulletins/apsb09-09.html>
====
This entry is available at
http://www.us-cert.gov/current/index.html#fckeditor_releases_version_2_6
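As an added illustration, not code from the US-CERT alert, the FCKeditor project or Adobe: the class of flaw the alert describes is a folder parameter that is accepted without verification before being joined onto a base directory. The block below shows a naive resolver of a "CurrentFolder" value beside a hardened one (segment allow-list, then canonicalise-and-contain), and uses the hardened check to scan constructed web-server log lines for requests whose CurrentFolder value would have been rejected. The upload root, the connector URLs, the segment policy and the log lines are all assumptions made for this example and do not reproduce FCKeditor's actual code path.

```python
import re
import posixpath
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, unquote, urlsplit

# Hypothetical base directory that a file-manager connector serves uploads from.
UPLOAD_ROOT = "/var/www/uploads"

# Assumed policy, not FCKeditor's own: a folder segment may not start with a dot
# (which rejects "." and "..") and is limited to a conservative character set.
SEGMENT_RE = re.compile(r"^[A-Za-z0-9_ -][A-Za-z0-9_. -]*$")


def resolve_unchecked(current_folder: str) -> str:
    """Improper verification: the value is decoded and joined onto the base
    directory with no check that the result still lies under UPLOAD_ROOT,
    so "/../../../tmp/" resolves to /tmp."""
    return posixpath.normpath(UPLOAD_ROOT + "/" + unquote(current_folder))


def resolve_checked(current_folder: str) -> Optional[str]:
    """Hardened resolution of a CurrentFolder value.

    Returns the absolute directory to use, or None if the value must be rejected.
    Two independent layers: an allow-list on every path segment, then a
    canonicalise-and-contain check on the joined result. Decoding is applied
    before checking so that percent-encoded traversal is seen in decoded form."""
    decoded = unquote(current_folder)
    if "\x00" in decoded or "\\" in decoded:
        return None
    segments = [s for s in decoded.split("/") if s != ""]
    if any(not SEGMENT_RE.match(s) for s in segments):
        return None
    candidate = posixpath.normpath(posixpath.join(UPLOAD_ROOT, *segments))
    if candidate != UPLOAD_ROOT and not candidate.startswith(UPLOAD_ROOT + "/"):
        return None
    return candidate


# Constructed sample log lines in common log format; the connector paths and
# client addresses are invented for the example, not captured traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [06/Jul/2009:12:40:01 +0000] "POST /editor/filemanager/connectors/upload?Command=FileUpload&Type=File&CurrentFolder=/images/ HTTP/1.1" 200 512',
    '198.51.100.7 - - [06/Jul/2009:12:41:13 +0000] "POST /editor/filemanager/connectors/upload?Command=FileUpload&Type=File&CurrentFolder=/..%2F..%2F..%2Fwebroot%2F HTTP/1.1" 200 512',
    '198.51.100.7 - - [06/Jul/2009:12:41:20 +0000] "GET /editor/filemanager/connectors/browser?Command=GetFolders&Type=File&CurrentFolder=/ HTTP/1.1" 200 88',
]

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def suspicious_requests(log_lines: List[str]) -> List[Tuple[str, str]]:
    """Return (client_ip, CurrentFolder value) for every request whose
    CurrentFolder value the hardened resolver would reject."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        for value in parse_qs(query, keep_blank_values=True).get("CurrentFolder", []):
            if resolve_checked(value) is None:
                hits.append((line.split(" ", 1)[0], value))
    return hits


if __name__ == "__main__":
    for value in ("/images/", "/../../../tmp/", "/..%2F..%2Fcfide/", "\\..\\"):
        print(f"{value!r:22} unchecked={resolve_unchecked(value)!r:26} checked={resolve_checked(value)!r}")
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print("suspicious CurrentFolder from", ip, repr(value))
```

The containment check after normalisation is kept even though the allow-list already rejects ".." segments: each layer covers mistakes in the other, and the same function serves both as the server-side guard and as the detection predicate for log review.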
