all InfoSec news
CVE-2022-35690: Unauthenticated RCE in Adobe ColdFusion
Zero Day Initiative - Blog www.zerodayinitiative.com
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Lucas Miller and Dusan Stevanovic of the Trend Micro Research Team detail a recently patched remote code execution vulnerability in Adobe ColdFusion. This bug was originally reported to the ZDI program by a researcher known as rgod. The vulnerability is due to the lack of proper validation of user-supplied data, which can result in a memory corruption condition. Successful exploitation could lead to arbitrary code execution at the …
adobe adobe coldfusion blog post bug code code execution coldfusion corruption cve data exploitation memory memory corruption micro miller program rce remote code remote code execution report research researcher result service team trend trend micro validation vulnerability vulnerability research zdi