An XML external entity (XXE) processing vulnerability has been reported in the Office Open XML (OOXML) parsing component of Adobe ColdFusion. The vulnerability is due to a lack of validation on user-supplied input when parsing OOXML documents. A remote attacker could exploit this vulnerability by uploading a maliciously crafted OOXML document to the target server. Successful exploitation could allow the attacker to read arbitrary files from the target server.