CVE-2004-2204 Information

Description

Macromedia ColdFusion MX 6.0 and 6.1 application server when running with the CreateObject function or CFOBJECT tag enabled allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT.

Reference

http://secunia.com/advisories/12693 http://www.macromedia.com/devnet/security/security_zone/mpsb04-10.html http://www.osvdb.org/10718 http://www.securityfocus.com/archive/1/377213 http://www.securityfocus.com/bid/11364 https://exchange.xforce.ibmcloud.com/vulnerabilities/17567