Adobe released a security advisory which identifies three vulnerabilities (CVE-2013-0625, CVE-2013-0629, CVE-2013-0631) affecting ColdFusion for Windows, Macintosh and Unix. They have received reports that these vulnerabilities are actively being exploited. Adobe is currently planning to release a fix for January 15, 2013.

Additional information and mitigations options available here.

[1] http://www.adobe.com/support/security/advisories/apsa13-01.html

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu