A denial-of-service vulnerability was discovered affecting ColdFusion on Windows Internet Information Services (IIS), the Microsoft Web server. Adobe credits Brian Cassell, an IT manager at Compass Group North America for reporting the issue. The security hotfix is for ColdFusions 10 Update 1 and above for the Windows operating system. Earlier this month, a Russian security company reported the discovery of a vulnerability and exploit in circulation in the underground for Adobe Reader. The exploit bypasses Adobe s sandbox protection, and is selling for upwards of $50,000.
Source: https://threatpost.com/adobe-patches-dos-flaw-coldfusion-10-111912/77229/