From aleph1@UNDERGROUND.ORG Mon Jun 14 04:10:46 1999 From: aleph1@UNDERGROUND.ORG To: BUGTRAQ@netspace.org Date: Tue, 1 Jun 1999 11:45:35 -0700 Subject: New Allaire Security Bulletin (ASB99-09) Dear Allaire Customer -- We have recently become aware of a serious security vulnerability that may affect customers using Microsoft Access with ColdFusion. This issue is not a problem with ColdFusion, but can occur when using some versions of the Microsoft Access ODBC driver. We have created a new Allaire Security Bulletin that documents this issue and the steps that customers can take to protect themselves. If you are using Microsoft Access with your Web applications we strongly recommend that you review this new bulletin: ASB99-09: Solutions to Issues that Allow Users to Execute Commands through Microsoft Access You can find this new bulletin and information about other security issues in the Allaire Security Zone: http://www.allaire.com/security As a Web application platform vendor, one of our highest concerns is the security of the systems our customers deploy. We understand how important security is to our customers, and we're committed to providing the technology and information customers need to build secure Web applications. Allaire has set up an email address that customers can use to report security issues associated with an Allaire product: secure@allaire.com. Thank you for your time and consideration on this issue. -- Allaire Security Response Team