Adobe ColdFusion exploit spreading
An exploit targeting a critical vulnerability in Adobe's ColdFusion application servers has been identified, according to a security advisory. Versions running on Windows, Macintosh and UNIX are affected.
The vulnerability (CVE-2013-3336) would allow an intruder to remotely siphon any files stored on the server. Adobe recommends users should restrict public access to administrator directors and reference ColdFusion best practices.
Adobe expects to resolve the issue with a “hotfix”, to be released Tuesday, the next scheduled update. This announcement comes on the heels of a “low-severity” issue in Reader and Acrobat that would allow someone to track a PDF document.