If what you say is true Please address the question in this forum from 14 May 2013.."Does vulnerability CVE-2013-3336 apply to CF8.0?
This question is a response to clarify the release note from ADOBE..."ADOBE has identified a critical vulnerability affecting CF10, 9.0.2, 9.0.1, 9.0 and "earlier" versions for Windows, Mac...and Unix. This vulnerability (CVE-2013-3336) could permit an unauthorized user to remotely retrieve files stored on a server.
This release by ADOBE indicates CVE-2013-3336 earlier versions of coldfusion and that seems to include CF8. Also, if an owner has extended support why would ADOBE allow extended support to go without vulnerability coverage?