I don't know, but it should be easy enough to check on your install. Dave Watts, CTO, Fig Leaf Software
-----Original Message----- From: Eric Roberts <ow...@threeravensconsulting.com> Sent: Friday, 03 July, 2009 19:32 To: cf-talk <cf-talk@houseoffusion.com> Subject: Re: New CF8 vulnerability Dave (or anyone else with information), I know the vulnerability was in older versions of FCKEditor...if one were to install and use the current version, does it still have the vulnerability or has that been fixed? I just got an emergency gig to fix a site that was hacked because of this and we need to know if it is safe to do this or just keep FCKEditor disabled inthe meantime. Eric On Thu, Jul 2, 2009 at 6:17 PM, Dave Watts <dwa...@figleaf.com> wrote: > > You may want to check for this on any clients/projects you've worked with: > http://isc.sans.org/diary.html?storyid=6715 > > Remediation steps available here: > http://www.codfusion.com/blog/post.cfm/cf8-and-fckeditor-security-threat > > Dave Watts, CTO, Fig Leaf Software > http://www.figleaf.com/ > > Fig Leaf Software provides the highest caliber vendor-authorized > instruction at our training centers in Washington DC, Atlanta, > Chicago, Baltimore, Northern Virginia, or on-site at your location. > Visit http://training.figleaf.com/ for more information! > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:324217 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4