VDB

GCVE-110-CERTCC-2021-125331

GCVE-110-CERTCC-2021-125331
Advisory Published
Vulnetix · Advisory published February 1, 2021
### Overview Adobe ColdFusion fails to properly set ACLs, which can allow an unprivileged Windows user to be able to run arbitrary code with SYSTEM privileges. ### Description The Adobe ColdFusion installer fails to set a secure access-control list (ACL) on the default installation directory, such as `C:\ColdFusion2021\`. By default, unprivileged users can create files in this directory structure, which creates a privilege-escalation vulnerability. ### Impact By placing a specially-crafted DLL file in the ColdFusion installation directory, an unprivileged user may be able to execute arbitrary code with SYSTEM privileges on a Windows system with the vulnerable ColdFusion software installed. See [DLL Search Order Hijacking](https://attack.mitre.org/techniques/T1574/001/) for more details. ### Solution #### Use the Server Auto-Lockdown Installer By default, ColdFusion does not configure itself securely. In order to secure ColdFusion with respect to service privileges, ACLs, and other attributes, the [ColdFusion Server Auto-Lockdown](https://helpx.adobe.com/coldfusion/user-guide.html/coldfusion/using/server-lockdown.ug.html) installer must be installed in addition to installing ColdFusion itself. Mitigation steps will vary based on the version of ColdFusion being used: ColdFusion 2016: Apply the changes outlined in the [ColdFusion 2016 Lockdown Guide](https://wwwimages.adobe.com/content/dam/acom/en/products/coldfusion/pdfs/coldfusion-2016-lockdown-guide.pdf). ColdFusion 2018: Run the [ColdFusion 2018 Auto-Lockdown installer](https://www.adobe.com/support/coldfusion/downloads.html#cf2018ldg) and ensure that it completes without error. ColdFusion 2021: Run the [ColdFusion 2021 Auto-Lockdown installer](https://www.adobe.com/support/coldfusion/downloads.html#cf2021ldg) and ensure that it completes without error. ### Acknowledgements This vulnerability was reported by Will Dormann of the CERT/CC. This document was written by Will Dormann.

Browse GCVE Records

73,834 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›