Unrated severityNVD Advisory· Published Apr 11, 2007· Updated Apr 23, 2026

CVE-2007-1874

Description

Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions for certain scripts and directories, which allows local users to execute arbitrary code or obtain sensitive information via the (1) CFMX7DreamWeaverExtensions.mxp, (2) CFReportBuilderInstaller.exe, (3) .com.zerog.registry.xml, (4) uninstall.lax, (5) license.txt, (6) Readme.htm, (7) .com.zerog.registry.xml, (8) k2adminstop, or (9) k2adminstart files; or (10) certain files in lib/wsconfig/.

Affected products

Adobe Inc./Coldfusion2 versions
cpe:2.3:a:adobe:coldfusion:7.0:*:linux:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:coldfusion:7.0:*:linux:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:7.0:*:solaris:*:*:*:*:*
Adobe Inc./ColdFusion MX 7llm-fuzzy
Range: =7

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.adobe.com/support/security/bulletins/apsb07-08.htmlnvdPatchVendor Advisory
labs.idefense.com/intelligence/vulnerabilities/display.phpnvdVendor Advisory
secunia.com/advisories/24850nvdVendor Advisory
osvdb.org/34930nvd
www.securityfocus.com/bid/23405nvd
www.securitytracker.com/idnvd
www.vupen.com/english/advisories/2007/1341nvd
exchange.xforce.ibmcloud.com/vulnerabilities/33571nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000